Filtrando por: CAA resource record x limpar

Junho 28, 2022

enhancement CertCentral TLS certificate issuance error messages CAA resource record
enhancement

CertCentral: Improved DNS Certification Authority Authorization (CAA) resource records checking

DigiCert is happy to announce that we improved the CAA resource record checking feature and error messaging for failed checks in CertCentral.

Now, on the order’s details page, if a CAA resource record check fails, we display the check’s status and include improved error messaging to make it easier to troubleshoot problems.

Background

Before issuing an SSL/TLS certificate for your domain, a Certificate Authority (CA) must check the DNS CAA Resource Records (RR) to determine whether they can issue a certificate for your domain. A Certificate Authority can issue a certificate for your domain if one of the following conditions is met:

  • They do not find a CAA RR for your domain.
  • They find a CAA RR for your domain that authorizes them to issue a certificate for the domain.

How can DNS CAA Resource Records help me?

CAA resource records allow domain owners to control which certificate authorities (CAs) are allowed to issue public TLS certificates for each domain.

Learn more about using DNS CAA resource records

Abril 11, 2022

domain lock Services API CertCentral caa domains CAA resource record
new

CertCentral Services API: Domain locking API endpoints

DigiCert is happy to announce our domain locking feature is now available in the CertCentral Services API.

Note: Before you can use the domain locking endpoints, you must first enable domain locking for your CertCentral account. See Domain locking  – Enable domain locking for your account.

New API endpoints

Updated API endpoints

We updated the response for the Domain info and List domains endpoints to include the following parameters with domain lock details:

  • domain_locking_status (string)
    Domain lock status. Only returned if domain locking is enabled for the account.
  • account_token (string)
    Domain lock account token. Only returned if domain locking is enabled for the account, and if domain locking has been activated for the domain at least once.

To learn more, see:

Abril 5, 2022

symantec domains CertCentral upgrade Thawte GeoTrust legacy console upgrades RapidSSL Migration CAA resource record
new

CertCentral: Domain locking is now available

DigiCert is happy to announce our domain locking feature is now available.

Does your company have more than one CertCentral account? Do you need to control which of your accounts can order certificates for specific company domains?

Domain locking allows you to control which of your CertCentral accounts can order certificates for your domains.

How does domain locking work?

DNS Certification Authority Authorization (CAA) resource records allow you to control which certificate authorities can issue certificates for your domains.

With domain locking, you can use this same CAA resource record to control which of your company's CertCentral accounts can order certificates for your domains.

How do I lock a domain?

To lock a domain:

  1. Enable domain locking for your account.
  2. Set up domain locking for a domain.
  3. Add the domain's unique verification token to the domain's DNS CAA resource record.
  4. Check the CAA record for the unique verification token.

To learn more, see:

new

End of life for account upgrades from Symantec, GeoTrust, Thawte or RapidSSL to CertCentral™

From April 5, 2022, MDT, you can no longer upgrade your Symantec, GeoTrust, Thawte, or RapidSSL account to CertCentral™.

If you haven't already moved to DigiCert CertCentral, upgrade now to maintain website security and have continued access to your certificates.

Note: During 2020, DigiCert discontinued all Symantec, GeoTrust, Thawte, RapidSSL admin consoles, enrollment services, and API services.

How do I upgrade my account?

To upgrade your account, contact DigiCert Support immediately. For more information about the account upgrade process, see Upgrade from Symantec, GeoTrust, Thawte, or RapidSSL.

What happens if I don't upgrade my account to CertCentral?

After April 5, 2022, you must get a new CertCentral account and manually add all account information, such as domains and organizations. In addition, you won't be able to migrate any of your active certificates to your new account.

For help setting up your new CertCentral account after April 5, 2022, contact DigiCert Support.

Abril 30, 2019

compliance CanSignHttpExchanges certificate requests ECC SSL certificates 90-day max validity CAA resource record
compliance

Requisitos das normas da indústria para incluir a extensão CanSignHttpExchanges em um certificado ECC SSL/TLS:

  • Registro de recurso CAA para o domínio que inclui o parâmetro "cansignhttpexchanges=yes"*
  • Par de chave Elliptic Curve Cryptography (ECC)
  • Extensão CanSignHttpExchanges
  • Validade máxima de 90 dias*
  • Usado apenas para Signed HTTP Exchange

*Nota: Estes requisitos entraram em efeito em 1 de maio de 2019. A extensão Signed HTTP Exchanges está sob desenvolvimento ativo. Pode haver alterações adicionais aos requisitos conforme o desenvolvimento da indústria continua.

O requisito de validade máxima do certificado de 90 dias não afeta certificados emitidos antes de 1 de maio de 2019. Note que certificado reemitido será truncado para 90 dias a partir do momento da re-emissão. Contudo, é possível continuar re-emitindo o certificado para o período completo adquirido de validade.

Extensão CanSignHttpExchanges

Recentemente, adicionamos um novo perfil do certificado, HTTP Signed Exchanges para ajudar a lidar com o problema de exibição da URL de AMP em que a sua marca não é exibida na barra de endereço. Consulte, Exibir melhores AMP URLs com Signed Exchanges.

Este novo perfil permite incluir a extensão CanSignHttpExchanges em certificados OV e EV SSL/TLS. Quando habilitada para a sua conta, a opção Incluir a extensão CanSignHttpExchanges no certificado aparece nos seus formulários de pedidos de certificados OV e EV SSL/TLS em Opções adicionais de certificados. Consulte Obter seu certificado Signed HTTP Exchanges.

Para habilitar este perfil do certificado para a sua conta, fale com o seu gerente de contas ou contate a nossa equipe de atendimento.

Sobre

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.