Industry standards are changing: End of 2-year public SSL/TLS certificates
On August 27, 2020, 5:59 PM MDT (23:59 UTC), DigiCert will stop issuing public DV, OV, and EV SSL/TLS certificates with a maximum validity greater than 397 days. We are doing this to prepare for the industry’s move away from 2-year public SSL/TLS certificates. For more information about this change, see End of 2-year DV, OV, and EV public SSL/TLS certificates.
After August 27, you can only purchase 1-year public SSL/TLS certificates. However, to maximize your SSL/TLS coverage, purchase your new certificates with a DigiCert® Multi-year Plan. For more information about these plans, see Multi-year Plans.
When needed, you can cancel a pending SSL/TLS certificate order, before we issue the certificate.
Check the status of your SSL/TLS certificate orders.
Before DigiCert can issue your SSL/TLS certificate, you must prove control over the domains on the order. Supported DCV methods for DV certificate orders: Email, DNS TXT, DNS CNAME, and HTTP Practical Demonstration.
For EV certificates domains must be re-validated every 13 months. For OV certificates, domains must be re-validated every 825 days (approximately 27 months).
When ordering Organization Validation (OV) and Extended Validation (EV) SSL/TLS certificates, DigiCert must validate the organization included on the certificate order.
The difference between the EV and the OV SSL/TLS certificates issuance process is the degree of organization verification (validation) DigiCert does for the certificate type. For EV certificates, the organization validation is more thorough and includes some additional checks. See SSL Certificate Validation Process from DigiCert.
For EV certificates, organizations must be revalidated every 13 months. For OV certificates, organizations must be revalidated every 825 days (approximately 27 months).
To access an issued SSL/TLS certificate, download it from your CertCentral account. You can also email the certificate from inside your account.
Reissue an SSL/TLS certificate to replace the existing certificate with a new one that has different information (for example, add another SAN to a multi-domain SSL certificate).
When needed, you can cancel a pending reissue request on an SSL/TLS certificate, before we issue the certificate.
Renew an expiring or expired SSL/TLS certificate order.
Basic CertCentral accounts don't support organization or domain pre-validation. If the validation has expired when you go to renew a certificate, you must demonstrate control over the domains on the renewal order and DigiCert must re-validate the organization.
When necessary, you can revoke an issued SSL/TLS certificate. For example, you are retiring a server and no longer need its SSL/TLS certificate. Certificate revocation is a three step process: