Filtrando por: Services API x limpar
new

DIGICERT 2022 MAINTENANCE SCHEDULE

To make it easier to plan your certificate-related tasks, we scheduled our 2022 maintenance windows in advance. See DigiCert 2022 scheduled maintenance—this page is updated with all current maintenance schedule information.

With customers worldwide, we understand there is not a "best time" for everyone. However, after reviewing the data on customer usage, we selected times that would impact the fewest amount of our customers.

About our maintenance schedule

  • Maintenance is scheduled for the first weekend of each month unless otherwise noted.
  • Each maintenance window is scheduled for 2 hours.
  • Although we have redundancies to protect your service, some DigiCert services may be unavailable.
  • All normal operations will resume once maintenance is completed.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.

If you need more information regarding these maintenance windows, contact your account manager or DigiCert support team.

enhancement

CertCentral Services API: Improved Order info API response

Update: To give API consumers more time to evaluate the impact of the Order info API response changes on their integrations, we are postponing this update until May 31, 2022. We originally planned to release the changes described below on April 25, 2022.

On May 31, 2022, DigiCert will make the following improvements to the Order info API. These changes remove unused values and update the data structure of the order details object to be more consistent for orders in different states across product types.

For more information and response examples for public TLS, code signing, document signing, and Class 1 S/MIME certificates, see the reference documentation for the Order info endpoint.

If you have questions or need help with these changes, contact your account representative or DigiCert Support.

Need to test your API integration?

To help CertCentral Services API consumers evaluate the impact of these changes, DigiCert is providing a beta server for API consumers to test their integrations prior to the May 31, 2022 release. To learn more, see our knowledge base article: DigiCert CertCentral Services API beta server.


General enhancements

The following changes apply to orders for various certificate types irrespective of order status.

Removed parameters:

  • public_id (string)
    For all orders, the API will stop returning the public_id parameter. DigiCert no longer supports the Express Install workflow that required a public_id value.
  • certificate.ca_cert_id (string)
    For DV certificate orders, the API will stop returning the ca_cert_id parameter. The value of this parameter is an internal ID for the issuing ICA certificate and cannot be used externally. The API already excludes the ca_cert_id parameter from the order details for other product types.

    To get the name and public ID of the issuing ICA certificate associated with the order, use the ca_cert object instead.
  • verified_contacts (array of objects)
    For document signing certificate orders, the API will stop returning the verified_contacts array. The API already excludes the verified_contacts array from the order details for other product types.
  • certificate.dns_names (array of strings)
    If there are no DNS names associated with the order (for example, if the order is for a code signing, document signing, or Class 1 S/MIME certificate), the API will stop returning the dns_names array.

    Before, the API returned a dns_names array with an empty string: [" "]
  • certificate.organization_units (array of strings)
    If there are no organization units associated with the order, the API will stop returning an organization_units array.

    Before, for some product types, the API returned an organization_units array with an empty string: [" "]
  • certificate.cert_validity
    In the cert_validity object, the API will only return a key/value pair for the unit used to set the certificate validity period when the order was created. For example, if the validity period of the certificate is for 1 year, the cert_validity object will return a years parameter with a value of 1.

    Before, the cert_validity object sometimes returned values for both days and years.

Added parameters:

  • order_validity (object)
    For code signing, document signing, and client certificate orders, the API will start returning an order_validity object.

    The order_validity object returns the days, years, or custom_expiration_date for the order validity period. The API already includes an order_validity object in the order details for public SSL/TLS products.
  • payment_profile (object)
    For DV certificate orders, if the order is associated with a saved credit card, the API will start returning a payment_profile object. The API already includes a payment_profile object in the order details for other product types.
  • server_licenses
    For DV certificate orders, the API will start returning the server_licenses parameter. The API already includes the server_licenses parameter in the order details for other product types.

Unapproved order requests

The following changes apply only to certificate order requests that are pending approval or that have been rejected. These changes bring the data structure of the response closer to what the API returns after the request is approved and the order is submitted to DigiCert for validation and issuance.

To manage unapproved and rejected requests, we recommend using the Request endpoints (/request) instead of retrieving the order details. We designed the /request endpoints to manage pending and rejected certificate order requests, and these endpoints remain unchanged.

Note: For quicker certificate issuance, we recommend using a workflow that skips or omits the request approval step for new certificate orders. If your API workflow already skips or omits the approval step, you can safely ignore the changes below. Learn more about removing the approval step:

Added parameters:

  • disable_ct (boolean)
  • allow_duplicates (boolean)
  • cs_provisioning_method (string)

Removed parameters:

  • server_licenses (integer)
    For unapproved order requests, the API will stop returning the server_licenses parameter. The API will continue including the server_licenses parameter in order details for approved order requests.

Improved organization object
To provide a consistent data structure in the order details for unapproved and approved order requests, the API will return a modified organization object on unapproved order requests for some product types.

The API will stop returning the following unexpected properties on unapproved order requests for all product types:

  • organization.status (string)
  • organization.is_hidden (boolean)
  • organization.organization_contact (object)
  • organization.technical_contact (object)
  • organization.contacts (array of objects)

The API will start returning the following expected properties, if existing, on unapproved order requests for all product types:

  • organization.name (string)
  • organization.display_name (string)
  • organization.assumed_name (string)
  • organization.city (string)
  • organization.country (string)

To get organization details not included in the Order info response, use the Organization info API endpoint.

new

CertCentral: Update organization and technical contacts from the organization's details page

We are happy to announce you can now manage your organization and technical contacts from your organization's details page. This new feature allows you to replace incorrect contacts anytime.

Note: Before, you could only view the existing organization and technical contacts when visiting the organization's details page. The only way to replace an organization or technical contact was when requesting a TLS certificate.

The next time you visit an organization's details page, you can update the organization contact and technical contact for the organization. After editing a contact, you will see the new contact information the next time you order a certificate that includes organization and technical contacts.

Items to note when replacing contacts:

  • Replacing a contact is not retroactive and does not affect existing certificate orders, issued or pending.
  • Replacing the organization contact does not affect the organization validation. However, we will contact the organization directly to verify the new organization contact.

See for yourself

  1. In your CertCentral account, in the left main menu, go to Certificates > Organizations.
  2. On the Organizations page, select the name of the organization.
  3. On the organization's details page, you can now replace the organization contact and add, delete, and replace the technical contact.

Learn more:

new

CertCentral Services API: Update organization and technical contacts

To help you manage the organization and technical contacts for your organizations in your API integrations, we added the following endpoints to the CertCentral Services API:

new

Upcoming Schedule Maintenance

Update: There is no planned downtime during maintenance on May 7, MDT (May 8, UTC).

DigiCert will perform scheduled maintenance on May 7, 2022, between 22:00 – 24:00 MDT (May 8, 2022, between 04:00 – 06:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • See the DigiCert 2022 maintenance schedule for maintenance dates and times.

Services will be restored as soon as we complete the maintenance.

new

CertCentral Services API: Domain locking API endpoints

DigiCert is happy to announce our domain locking feature is now available in the CertCentral Services API.

Note: Before you can use the domain locking endpoints, you must first enable domain locking for your CertCentral account. See Domain locking  – Enable domain locking for your account.

New API endpoints

Updated API endpoints

We updated the response for the Domain info and List domains endpoints to include the following parameters with domain lock details:

  • domain_locking_status (string)
    Domain lock status. Only returned if domain locking is enabled for the account.
  • account_token (string)
    Domain lock account token. Only returned if domain locking is enabled for the account, and if domain locking has been activated for the domain at least once.

To learn more, see:

new

Upcoming Schedule Maintenance

DigiCert will perform scheduled maintenance on April 2, 2022, between 22:00 – 24:00 MDT (April 3, 2022, between 04:00 – 06:00 UTC). During this time, some services may be down for up to two hours.

Note: Maintenance will be one hour earlier for those who don't observe daylight savings.

Infrastructure-related maintenance downtime

We will start this infrastructure-related maintenance at 22:00 MDT (04:00 UTC). Then the services listed below may be down for up to two hours.

CertCentral® TLS certificate issuance:

  • TLS certificate requests submitted during this time will fail
  • Failed requests should be resubmitted after services are restored

CIS and CertCentral® SCEP:

  • Certificate Issuing Service (CIS) will be down
  • CertCentral Simple Certificate Enrollment Protocol (SCEP) will be down
  • Requests submitted during this time will fail
  • CIS APIs will return a "503 Service is unavailable" error
  • Failed requests should be resubmitted after services are restored

Direct Cert Portal new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Failed requests should be resubmitted after services are restored

QuoVadis® TrustLink® certificate issuance:

  • TrustLink certificate requests submitted during this time will be delayed
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

PKI Platform 8 new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored
  • Access to User Authorization Agent (UAA) services will be disabled: both the UAA Admin and User web portals

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

CertCentral: DNS CNAME DCV method now available for DV certificate orders

In CertCentral and the CertCentral Services API, you can now use the DNS CNAME domain control validation (DCV) method to validate the domains on your DV certificate order.

Note: Before, you could only use the DNS CNAME DCV method to validate the domains on OV and EV certificate orders and when prevalidating domains.

To use the DNS CNAME DCV method on your DV certificate order:

  • In CertCentral:
    • When ordering a DV TLS certificate, you can select DNS CNAME as the DCV method.
    • On the DV TLS certificate's order details page, you can change the DCV method to DNS CNAME Record.
  • In the Services API:
    • When requesting a DV TLS certificate, set the value of the dcv_method request parameter to dns‑cname‑token.

Note: The AuthKey process for generating request tokens for immediate DV certificate issuance does not support the DNS CNAME DCV method. However, you can use the File Auth (http‑token) and DNS TXT (dns‑txt‑token) DCV methods. To learn more, visit DV certificate immediate issuance.

To learn more about using the DNS CNAME DCV method:

enhancement

CertCentral Services API: Improved List domains endpoint response

To make it easier to find information about the domain control validation (DCV) status for domains in your CertCentral account, we added these response parameters to domain objects in the List domains API response:

  • dcv_approval_datetime: Completion date and time of the most recent DCV check for the domain.
  • last_submitted_datetime: Date and time the domain was last submitted for validation.

For more information, see the reference documentation for the List domains endpoint.

new

Upcoming Schedule Maintenance

DigiCert will perform scheduled maintenance on March 5, 2022, between 22:00 – 24:00 MST (March 6, 2022, between 05:00 – 07:00 UTC). During this time, some services may be down for up to two hours.

Infrastructure-related maintenance downtime

We will start this infrastructure-related maintenance at 22:00 MST (05:00 UTC). Then the services listed below may be down for up to two hours.

CertCentral™ TLS certificate issuance:

  • TLS certificate requests submitted during this time will fail
  • Failed requests should be resubmitted after services are restored

CIS and CertCentral™ SCEP:

  • Certificate Issuing Service (CIS) will be down
  • CertCentral Simple Certificate Enrollment Protocol (SCEP) will be down
  • Requests submitted during this time will fail
  • CIS APIs will return a "503 Service is unavailable" error
  • Failed requests should be resubmitted after services are restored

Direct Cert Portal new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Failed requests should be resubmitted after services are restored

QuoVadis™ TrustLink™ certificate issuance:

  • TrustLink certificate requests submitted during this time will be delayed
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

PKI Platform 8 new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

fix

CertCentral: Improved verified contact EV TLS certificate request approval process

In CertCentral and the CertCentral Services API, we updated the EV TLS certificate request process to only send the EV TLS request approval emails to the verified contacts you include on the certificate request.

Note: Before, when you requested an EV TLS certificate, we sent the EV order approval email to all the verified contacts for the organization.

Add verified contacts to an EV TLS certificate request:

  • CertCentral
    When requesting an EV TLS certificate, you can:
    • Keep the existing verified contacts assigned to the organization
    • Remove contacts (at least one is required)
    • Add new contacts (we must validate each new contact, which may delay certificate issuance).
  • Services API
    When requesting an EV TLS certificate, include the verified contacts in the organization.contacts array of the JSON request. For verified contacts, the value of the contact_type field is ev_approver.

To learn more about EV TLS certificate requests:

enhancement

CertCentral Services API: Domain info enhancement

We updated the Domain info API response to include the expiration_date parameter for the DCV token associated with the domain. Now, when you call the Domain info API and set the value of the include_dcv query parameter to true, the dcv_token object in the response includes the expiration_date of the DCV token for the domain.

enhancement

Improved Domains page, Validation status filter—Completed / Validated

On the Domains page, in the Validation status dropdown, we updated the Completed / Validated filter to make it easier to find domains with completed and active domain control validation (DCV).

Note: Before, when you searched for domains with Completed / Validated DCV, we returned all domains with completed DCV even if the domain validation had expired.

Now, when you search for domains with Completed / Validated DCV, we only return domains with completed and active DCV in your search results. To find domains with expired DCV, use the Expired filter in the Validation status dropdown.

Find domains with completed and active DCV

  1. In CertCentral, in the left main menu, go to Certificates > Domains.
  2. On the Domains page, in the Validation status dropdown, select Completed / Validated.
enhancement

CertCentral Services API: List domains enhancement

For the List domains API, we updated the filters[validation]=completed filter to make it easier to find domains validated for OV or EV certificate issuance.

Before, this filter returned all domains with completed DCV checks, even if the domain validation had expired. Now, the filter only returns domains with an active OV or EV domain validation status

new

Upcoming Scheduled Maintenance

DigiCert will perform scheduled maintenance on January 8, 2022, between 22:00 – 24:00 MST (January 9, 2022, between 05:00 – 07:00 UTC). Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • If you use the APIs for immediate certificate issuance and automated tasks, expect interruptions.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

Para facilitar o planejamento das tarefas relacionadas ao certificado, agendamos a nossa janela de manutenção de 2021 com antecedência. Veja Manutenção agendada da DigiCert 2021 - esta página é mantida atualizada com todas as informações de agendamento de manutenções.

Com clientes de todo o mundo, entendemos que não há um melhor momento para todos. Contudo, após revisar os dados sobre uso de clientes, selecionamos horas que afetariam a menor quantidade dos nossos clientes.

Sobre a nossa agenda de manutenção

  • A manutenção está agendada para a primeira semana de cada mês, a menos que observado de outra forma.
  • Cada janela de manutenção é agendada para 2 horas.
  • Embora tenhamos redundâncias para proteger seu serviço, alguns serviços DigiCert podem estar indisponíveis.
  • Todas as operações normais são retomadas depois da conclusão da manutenção.

Se você precisar de mais informações sobre essas janelas de manutenção, entre em contato com o gerente da sua conta ou com a equipe de suporte DigiCert. Para obter atualizações ao vivo, assine a página Status da DigiCert.

new

Upcoming Scheduled Maintenance

DigiCert will perform scheduled maintenance on December 4, 2021, between 22:00 – 24:00 MST (December 5, 2021, between 05:00 – 07:00 UTC). Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

compliance

Industry changes to file-based DCV (HTTP Practical Demonstration, file auth, file, HTTP token, and HTTP auth)

To comply with new industry standards for the file-based domain control validation (DCV) method, you can only use the file-based DCV to demonstrate control over fully qualified domain names (FQDNs), exactly as named.

To learn more about the industry change, see Domain validation policy changes in 2021.

How does this affect me?

As of November 16, 2021, you must use one of the other supported DCV methods, such as Email, DNS TXT, and CNAME, to:

  • Validate wildcard domains (*.example.com)
  • To include subdomains in the domain validation when validating the higher-level domain. For example, if you want to cover www.example.com, when you validate the higher-level domain, example.com.
  • Prevalidate entire domains and subdomains.

To learn more about the supported DCV method for DV, OV, and EV certificate requests:

compliance

CertCentral: Pending certificate requests and domain prevalidation using file-based DCV

Pending certificate request

If you have a pending certificate request with incomplete file-based DCV checks, you may need to switch DCV methods* or use the file-based DCV method to demonstrate control over every fully qualified domain name, exactly as named, on the request.

*Note: For certificate requests with incomplete file-based DCV checks for wildcard domains, you must use a different DCV method.

To learn more about the supported DCV methods for DV, OV, and EV certificate requests:

Domain prevalidation

If you plan to use the file-based DCV method to prevalidate an entire domain or entire subdomain, you must use a different DCV method.

To learn more about the supported DCV methods for domain prevalidation, see Supported domain control validation (DCV) methods for domain prevalidation.

compliance

CertCentral Services API

If you use the CertCentral Services API to order certificates or submit domains for prevalidation using file-based DCV (http-token), this change may affect your API integrations. To learn more, visit File-based domain control validation (http-token).

new

Upcoming Schedule Maintenance

DigiCert will perform scheduled maintenance on November 6, 2021, between 22:00 – 24:00 MDT (November 7, 2021, between 04:00 – 06:00 UTC).


CertCentral infrastructure-related maintenance downtime

We will start this infrastructure-related maintenance between 22:00 and 22:10 MDT (04:00 and 04:10 UTC). Then, for approximately 30 minutes, the following services will be down:

DV certificate issuance for CertCentral, ACME, and ACME agent automation

  • DV certificate requests submitted during this time will fail
  • APIs will return a "cannot connect" error
  • Failed requests should be resubmitted after services are restored

CIS and SCEP

  • Certificate Issuing Service (CIS) will be down
  • Simple Certificate Enrollment Protocol (SCEP) will be down
  • DigiCert will be unable to issue certificates for CIS and SCEP
  • APIs will return a "cannot connect" error
  • Requests that return "cannot connect" errors should be resubmitted after services are restore

QuoVadis TrustLink certificate issuance

  • TrustLink certificate requests submitted during this time will fail
  • However, failed requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored, as required

This maintenance only affects DV certificate issuance, CIS, SCEP, and TrustLink certificate issuance. It does not affect any other DigiCert platforms or services .


PKI Platform 8 maintenance

We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC). Then, for approximately 30 minutes, the PKI Platform 8 will experience service delays and performance degradation that affect:

  • Signing in and using your PKI Platform 8 to perform in-console certificate lifecycle tasks.
  • Using any of your PKI Platform 8 corresponding APIs or protocols (for example, SOAP, REST, SCEP, and EST) to perform certificate lifecycle operations.
  • Performing certificate lifecycle tasks/operations:
    • Enrolling certificates: new, renew, or reissues
    • Adding domains and organizations
    • Submitting validation requests
    • Viewing reports, revoking certificates, and creating profiles
    • Adding users, viewing certificates, and downloading certificates
  • Certificate issuance for PKI Platform 8 and its corresponding API.

Additionally:

  • APIs will return a "cannot connect" error.
  • Certificate enrollments that receive "cannot connect" errors must be resubmitted after DigiCert restores services.

The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.


Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

Upcoming Schedule Maintenance

On October 2, 2021, between 22:00 – 24:00 MDT (October 3, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.


CertCentral, CIS, SCEP, Direct Cert Portal, and DigiCert ONE maintenance

DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.


PKI Platform 8 maintenance and downtime:

DigiCert will perform scheduled maintenance on PKI Platform 8. During this time, the PKI Platform 8 and its corresponding APIs will be down for approximately 20 minutes.

We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC).

Then, for approximately 20 minutes:

  • You will be unable to sign in and use your PKI Platform 8 to perform in-console certificate lifecycle tasks.
  • You will be unable to use any of your PKI Platform 8 corresponding APIs or protocols (for example, SOAP, REST, SCEP, and EST) to perform certificate lifecycle operations.
  • You will be unable to:
    • Enroll certificates: new, renew, or reissues
    • Add domains and organizations
    • Submit validation requests
    • View reports, revoke certificates, and create profiles
    • Add users, view certificates, and download certificates
  • DigiCert will be unable to issue certificates for PKI Platform 8 and its corresponding API.
  • APIs will return a "cannot connect" error.
  • Certificate enrollments that receive "cannot connect" errors must be resubmitted after DigiCert restores services.

The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

Upcoming Schedule Maintenance

On September 11, 2021, between 22:00 – 24:00 MDT (September 12, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.


CertCentral, CIS, SCEP, Direct Cert Portal, and DigiCert ONE maintenance

DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.


PKI Platform 8 maintenance and downtime:

DigiCert will perform scheduled maintenance on PKI Platform 8. During this time, the PKI Platform 8 and its corresponding APIs will be down for approximately 60 minutes.

We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC).

Then, for approximately 60 minutes:

  • You will be unable to sign in and use your PKI Platform 8 to perform in-console certificate lifecycle tasks.
  • You will be unable to use any of your PKI Platform 8 corresponding APIs or protocols (for example, SOAP, REST, SCEP, and EST) to perform certificate lifecycle operations.
  • You will be unable to:
    • Enroll certificates: new, renew, or reissues
    • Add domains and organizations
    • Submit validation requests
    • View reports, revoke certificates, and create profiles
    • Add users, view certificates, and download certificates
  • DigiCert will be unable to issue certificates for PKI Platform 8 and its corresponding API.
  • APIs will return a "cannot connect" error.
  • Certificate enrollments that receive "cannot connect" errors must be resubmitted after DigiCert restores services.

The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete our maintenance.

enhancement

CertCentral Services API: Domain management enhancements

To make it easier to maintain active validation for domains in your account, we added new filters, response fields, and a new endpoint to our domain management APIs. With these updates, you can:

  • Find domains with OV and EV validation reuse periods that are expired or expiring soon.
  • Find domains affected by the September 27, 2021 policy change to shorten OV domain validation reuse periods.*

Enhanced APIs: List domains and List subaccount domains

We made the following enhancements to the List domains and List subaccount domains endpoints:

  • Added validation filter values
    On September 27, 2021*, existing OV domain validation reuse periods will shorten to 397 days from the date validation was completed. For some domains, the reduced validation period will have already expired, or will expire before the end of 2021.

    To help you find these domains so you can resubmit them for validation, we added a new value for the validation filter: shortened_by_industry_changes. We also added filter values to help you find domains with OV or EV domain validation periods that expire in different timeframes. The new validation filter values include:
    • shortened_by_industry_changes
    • ov_expired_in_last_7_days
    • ov_expiring_within_7_days
    • ov_expiring_within_30_days
    • ov_expiring_from_31_to_60_days
    • ov_expiring_from_61_to_90_days
    • ev_expired_in_last_7_days
    • ev_expiring_within_7_days
    • ev_expiring_within_30_days
    • ev_expiring_from_31_to_60_days
    • ev_expiring_from_61_to_90_days
  • Added fields to the dcv_expiration object
    You can now submit a request that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string filters[include_validation_reuse_status]=true.
  • Added dcv_method filter
    We added the option to filter domains by domain control validation (DCV) method. To use this filter, append the query string filters[dcv_method]={{value}} to the request URL. Possible values are email, dns-cname-token, dns-txt-token, http-token, and http-token-static.

Enhanced API: Domain info
You can now submit a request to the Domain info endpoint that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string include_validation_reuse_status=true.


New API: Expiring domains count

We added a new endpoint that returns the number of domains in your account with expired or expiring OV or EV domain validations. For more information, see Expiring domains count.

*On September 27, 2021, the expiration date for existing OV domain validations will shorten to 397 days from the date validation was completed. Learn more about this policy change: Domain validation changes in 2021.

new

CertCentral Services API: Get orders by alternative order ID

We created a new endpoint to make it easier to get certificate order details using alternative order IDs: Get orders by alternative order ID. This endpoint returns the order ID, certificate ID, and order status of certificate orders with the alternative_order_id you provide in the URL path.

new

Verified Mark Certificates available now.

Verified Mark Certificates (VMCs) are a new type of certificate that allow companies to place a certified brand logo next to the “sender” field in customer inboxes—visible before the message is opened—acting as confirmation of your domain’s DMARC status and your organization’s authenticated identity. Learn more about VMC certificates.

To disable or change availability of VMC in your account, visit the Product Settings page.

Note: If you do not see VMCs in your account, it may be because we are not offering the product to all account types yet. It is also possible that the product is available, but one of your CertCentral account’s administrators turned the product off in Product Settings.

new

CertCentral Services API: Verified Mark Certificate enhancements

To help you manage your Verified Mark Certificate (VMC) orders in your API integrations, we’ve made the following updates to the CertCentral Services API.

New endpoints:

Updated endpoints:

  • Order info
    We updated the Order info endpoint to return a vmc object with the trademark country code, registration number, and logo information for VMC orders.
  • Email certificate
    We updated the Email certificate endpoint to support emailing a copy of your issued VMC.

To learn more about managing VMC certificates from your API integrations, visit Verified Mark Certificate workflow.

new

Upcoming schedule maintenance

On July 10, 2021, between 22:00 – 24:00 MDT (July 11, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

During maintenance, for approximately 60 minutes, the services specified below under Service downtime will be down. Due to the scope of the maintenance, the services specified below under Service interruptions may experience brief interruptions during a 10-minute window.

Service downtime

From 22:00 – 23:00 MDT (04:00 – 05:00 UTC), while we perform database-related maintenance, the following services will be down for up to 60 minutes:

  • CertCentral / Services API
  • Direct Cert Portal / API
  • ACME
  • Discovery / API
  • ACME agent automation / API

API Note: Affected APIs will return “cannot connect” errors. Certificate-related API requests that return a “cannot connect” error message during this window will need to be placed again after services are restored.

Service interruptions

During a 10-minute window, while we perform infrastructure maintenance, the following DigiCert service may experience brief service interruptions:

  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • DigiCert ONE
  • Automation service
  • CT Log monitoring
  • Vulnerability assessment
  • PCI compliance scans

Services not affected

These services are not affected by the maintenance activities:

  • PKI Platform 8
  • PKI Platform 7
  • QuoVadis TrustLink

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as the maintenance is completed.

new

Upcoming scheduled maintenance

On June 5, 2021, between 22:00 – 24:00 MDT (June 6, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

enhancement

CertCentral Services API: Improved domains array in OV/EV order response

To make it easier to see how the Services API groups the domains on your OV/EV TLS certificate orders for validation, we added a new response parameter to the endpoints for submitting certificate order requests: domains[].dns_name.*

The dns_name parameter returns the common name or SAN of the domain on the order. To prove you control this domain, you must have an active validation for the domain associated with the domains[].name and domains[].id key/value pairs.

Example OV certificate order

JSON payload:

JSON payload

JSON response:

JSON response

The Services API returns the domains[].dns_name parameter in the JSON response for the following endpoints:

*Note: Only order requests for OV/EV TLS certificates return a domains array.

new

Upcoming scheduled maintenance

On May 1, 2021, between 22:00 – 24:00 MDT (May 2, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

For up to 10 minutes total during the 2-hour window, we will be unable to issue certificates for the DigiCert platforms, their corresponding APIs, immediate certificate issuance, and those using the APIs for other automated tasks.

Affected services:

  • CertCentral / Service API
  • ACME
  • ACME agent automation / API
  • Direct Cert Portal / API
  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • QuoVadis TrustLink

Services not affected

  • PKI Platform 8
  • PKI Platform 7
  • DigiCert ONE managers

API note:

  • APIs will return "cannot connect" errors.
  • Certificate requests submitted during this window that receive a "cannot connect" error message will need to be placed again after services are restored.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

enhancement

CertCentral Services API: Domain validation status in Domain info response

To make it easier to get a comprehensive validation status for your domains, DigiCert is deprecating the status parameter in the Domain info response. To ensure you are getting complete and accurate status information for each different validation type on your domains, you should use the validations array when you call the Domain info endpoint from your API integrations instead.

Note: The Domain info endpoint will continue to return a status parameter value.

Background

In the Domain info response, the status parameter is designed to return a single string value. When DigiCert offered fewer products, a single value in the API was enough to represent the validation status for your domains.

Now, DigiCert offers certificate products that use many different types of validation. Different validation types have different requirements, and these requirements change as industry standards evolve. As DigiCert validates your domains for different types of certificate issuance, each type of validation that you request can be in a different state.

For example:

  • The OV validation for a domain may be completed.
  • The EV validation for the same domain may be expired.

As a result, DigiCert can no longer use a single value to return comprehensive information about the validation status for a domain.

Instead of relying on a single value, use the Domain info endpoint to request a validations array – a list of objects with status information for each type of validation on the domain. To get this data, include the query parameter include_validation=true when you submit your request.

For example:

Example validations array in domain info response data

Learn more about using the Domain info endpoint

new

CertCentral Services API: Site seal enhancements

To help you manage your site seals in your API integrations, we’ve made the following updates to the CertCentral Services API:

  • New endpoint: Upload site seal logo
    We added a new endpoint – Upload site seal logo – you can use to upload your company logo for use with a DigiCert Smart Seal. This logo appears in the site seal on your website. Note: Only Secure Site and Secure Site Pro SSL/TLS certificates support the option to display your company logo in the site seal.
  • New endpoint: Update site seal settings
    We added a new endpoint – Update site seal settings – you can use to change the appearance of your site seal and the information that displays on the site seal information page.
  • Updated endpoint: Get site seal settings
    We updated the Site seal settings endpoint to return information about each property you can customize with the Update site seal settings endpoint.

Related topics:

enhancement

CertCentral Services API: Revoke certificate by serial number

To make it easier to manage certificates from your API integrations, we updated the Revoke certificate endpoint path to accept the certificate ID or the serial number of the certificate to revoke. Previously, the Revoke certificate endpoint path only accepted the certificate ID.

Example Revoke certificate path using the certificate ID:

https://www.digicert.com/services/v2/certificate/{{certificate_id}}/revoke

Example Revoke certificate path using the certificate serial number:

https://www.digicert.com/services/v2/certificate/{{serial_number}}/revoke

Learn more about using the Revoke certificate endpoint

new

Upcoming scheduled maintenance

On April 3, 2021, between 22:00 – 24:00 MDT (April 4, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

During maintenance, for up to 10 minutes, we will be unable to issue certificates for the DigiCert platforms, their corresponding APIs, immediate certificate issuance, and those using the APIs for other automated tasks.

Affected services

For approximately 10 minutes, DigiCert will be unable to issue certificates for these services and APIs:

  • CertCentral / Service API
  • ACME
  • ACME agent automation / API
  • Direct Cert Portal / API
  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • QuoVadis TrustLink

Services not affected

These services are not affected by the maintenance activities:

  • PKI Platform 8 / API
  • PKI Platform 8 SCEP
  • PKI Platform 7 / API
  • PKI Platform 7 SCEP
  • DigiCert ONE managers

API note:

  • APIs will return "cannot connect" errors.
  • Certificate requests submitted during this window that receive a "cannot connect" error message will need to be placed again after services are restored.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

CertCentral: New purchase order and invoice system

We are happy to announce that we are using a new purchase order and invoice system in CertCentral. We've made several changes to make it easier for you to manage your purchase orders and invoices.

The next time you sign in to CertCentral, you will see two new menu options under Finances: Pay Invoice and Purchase Orders and Invoices. Additionally, we now send all invoice emails from our new invoice system.

Pay invoices page

When you open the Pay invoice page, all invoices are preselected by default. You can choose to pay them all or select those you want to pay.

Note: If you use divisions with separate funds, when you open the Pay invoice page, all invoices for the top-level division are selected by default. Use the For dropdown to view the unpaid invoices by division in your account.

Purchase orders and invoices page

On the new Purchase orders and invoices page, you can create a purchase order (PO). In the Purchaseorders table, you can view pending and rejected POs. After we approve a PO, it becomes an invoice and moves to the Invoices table.

Note: If you use divisions with separate funds, you see the Purchase order and invoice summary page. When you click a division name, it opens the Purchase order and invoices page, where you can view the POs and invoices for that division.

In the Invoices column of the Invoices table, you can see the invoice number and the PO from which we generated it. You can download a copy of the invoice or pay the invoice. When you click Pay invoice, we take you to the Pay invoice page to pay the invoice and make the funds available in your account.

Existing PO and Invoice migration

  • Autogenerated invoices
    When we migrated our billing system, we did not migrate your autogenerated invoices. At the end of March, we will autogenerate a new invoice for your total amount owed. However, you can make a payment on your account at any time on the Deposit Funds page (in the left main menu, go to Finances > Deposit Funds).
  • Invoices generated from approved purchase orders
    When we migrated your invoices to the new system, we gave them new invoice numbers. However, the associated purchase order number remains the same. If you have questions or trouble finding an invoice, please contact your account manager or DigiCert Accounts Receivable. Make sure to include your PO number and the original invoice number in the email.
enhancement

CertCentral Services API: View balance enhancements

To help you track financial data in your API integrations, we updated the View balance endpoint to return the following data:

  • unpaid_invoice_balance
    Unpaid invoice balance
  • negative_balance_limit
    Amount the balance can go into the negative
  • used_credit_from_other_containers
    Amount owed by other divisions in the account (for accounts with separate division funds enabled)
  • total_available_funds
    Total funds available for future purchases

Example response: 

Example response from the View balance endpoint

For more information, see the documentation for the View balance endpoint.

enhancement

CertCentral Services API: Auto-reissue support for Multi-year Plans

We are happy to announce that the CertCentral Services API now supports automatic certificate reissue requests (auto-reissue) for Multi-year Plans. The auto-reissue feature makes it easier to maintain SSL/TLS coverage on your Multi-year Plans.

You can enable auto-reissue for individual orders in your CertCentral account. When auto-reissue is enabled, we automatically create and submit a certificate reissue request 30 days before the most recently issued certificate on the order expires.

Enable auto-reissue for a new order

To give you control over the auto-reissue setting for new Multi-year Plans, we added a new request parameter to the endpoints for ordering DV, OV, and EV TLS/SSL certificates: auto_reissue.

By default, auto-reissue is disabled for all orders. To enable auto-reissue when you request a new Multi-year Plan, set the value of the auto_reissue parameter to 1 in the body of your request.

Example request body:

Example order request body with auto reissue enabled

Note: In new order requests, we ignore the auto_reissue parameter if:

  • The product does not support Multi-year Plans.
  • Multi-year Plans are disabled for the account.

Update auto-reissue setting for existing orders

To give you control over the auto-reissue setting for existing Multi-year Plans, we added a new endpoint: Update auto-reissue settings. Use this endpoint to enable or disable the auto-reissue setting for an order.

Get auto-reissue setting for an existing order

To help you track the auto-reissue setting for existing certificate orders, we added a new response parameter to the Order info endpoint: auto_reissue. The auto_reissue parameter returns the current auto-reissue setting for the order.

new

ICA certificate chain selection for public DV flex certificates

We are happy to announce that select public DV certificates now support Intermediate CA certificate chain selection:

  • GeoTrust DV SSL
  • Thawte SSL 123 DV
  • RapidSSL Standard DV
  • RapidSSL Wildcard DV
  • Encryption Everywhere DV

You can add a feature to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues the end-entity certificate when you order these public DV products.

This feature allows you to:

  • Set the default ICA certificate chain for each supported public DV certificate.
  • Control which ICA certificate chains certificate requestors can use to issue their DV certificate.

Configure ICA certificate chain selection

To enable ICA selection for your account:

  1. Contact your account manager or our Support team.
  2. Then, in your CertCentral account, in the left main menu, go to Settings > Product Settings.
  3. On the Product Settings page, configure the default and allowed intermediates for each supported and available DV certificate.

For more information and step-by-step instructions, see the Configure the ICA certificate chain feature for your public TLS certificates.

new

DigiCert Services API: DV certificate support for ICA certificate chain selection

In the DigiCert Services API, we made the following updates to support ICA selection in your DV certificate order requests:

Pass in the issuing ICA certificate's ID as the value for the ca_cert_id parameter in your order request's body.

Example DV certificate request:

Example DV TLS certificate request

For more information about using ICA selection in your API integrations, see DV certificate lifecycle – Optional ICA selection.

new

Upcoming scheduled maintenance

On March 6, 2021, between 22:00 – 24:00 MST (March 7, 2021, between 05:00 – 07:00 UTC), DigiCert will perform scheduled maintenance.

Although we have redundancies in place to protect your service, some DigiCert services may be unavailable during this time.

What can you do?

Please plan accordingly.

  • Schedule your high-priority orders, renewals, and reissues around the maintenance window.
  • To get live maintenance updates, subscribe to the DigiCert Status page. The subscription includes emails to let you know when maintenance starts and ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as the maintenance is completed.

new

CertCentral Services API: Novos terminais de subconta

Para facilitar o gerenciamento de suas subcontas, adicionamos dois novos pontos de extremidade à API CertCentral Services: Listar domínios de subconta e Organizações de subconta da lista.

enhancement

CertCentral Services API: Criação de terminal de subconta aprimorada

Para dar a você mais controle sobre suas subcontas, adicionamos dois novos parâmetros de solicitação ao terminal Criar subconta: child_name e max_allowed_multi_year_plan_length.

  • child_name - Use este parâmetro para definir um nome de exibição personalizado para a subconta.
  • max_allowed_multi_year_plan_length - Use este parâmetro para personalizar a duração máxima dos pedidos do Plano plurianual para a subconta.

Exemplo de solicitação JSON:

Create subaccount example request

Depois de criar uma subconta, use o terminal Informações da subconta para visualizar o nome de "exibição" de uma subconta e a duração permitida do pedido do Plano Plurianual.

new

Próxima manutenção programada

Em 6 de fevereiro de 2021 entre 22:00 - 24:00 MST (7 de fevereiro de 2021 entre 05:00 - 07:00 UTC), O DigiCert fará a manutenção crítica.

Durante a manutenção, os serviços listados abaixo ficarão inativos por aproximadamente 60 minutos. No entanto, devido ao escopo de trabalho que está acontecendo, pode haver interrupções de serviço adicionais durante a janela de manutenção de duas horas.

Você não conseguirá fazer login nessas plataformas e acessar esses serviços e APIs:

  • CertCentral e sua API de serviços
  • API Direct Cert Portal/Direct Cert Portal
  • Serviço de emissão de certificados (CIS)
  • Protocolo simples de matrícula de certificados (SCEP)
  • Discovery e sua API
  • ACME
  • Automação do agente ACME e sua API

A DigiCert não poderá emitir certificados para estes serviços e APIs:

  • CertCentral e sua API de serviços
  • API Direct Cert Portal/Direct Cert Portal
  • Serviço de emissão de certificados (CIS)
  • Protocolo simples de matrícula de certificados (SCEP)
  • Complete Website Security (Segurança de Sites Completa, CWS) e sua API
  • PKI gerenciada para SSL (MSSL) e sua API
  • Link de confiança QV

Esses serviços não serão afetados pelas atividades de manutenção:

  • PKI Platform 8
  • PKI Platform 7
  • Gerentes DigiCert ONE

Nota API:

  • Os serviços para processar transações relacionadas a certificados não estarão disponíveis, como solicitação de certificados, adição de domínios e solicitações de validação.
  • APIs retornarão erros “não podem conectar”.
  • As solicitações de certificado feitas durante esta janela que receberem uma mensagem de erro "não pode se conectar" precisarão ser feitas novamente após os serviços serem restaurados.

O que eu posso fazer?

Planeje de acordo:

  • Programe pedidos de alta prioridade, renovações e reemissões durante a janela de manutenção.
  • Espere interrupções se você usar APIs para emissão imediata de certificados e tarefas automatizadas.
  • Assine a página Status da DigiCert para obter atualizações em tempo real.
  • Consulte a manutenção programada DigiCert 2021 para datas e horários de manutenção programada.

Os serviços serão restaurados assim que a manutenção for concluída.

new

CertCentral Services API: Novos detalhes do pedido de unidade e cancelamento de terminais do pedido de unidade

Temos o prazer de anunciar que adicionamos dois novos endpoints à API CertCentral Services: Detalhes do pedido da unidade e Cancelar pedido da unidade.

Esses pontos de extremidade permitem obter informações sobre um pedido de unidade e cancelar um pedido de unidade.

Cancelando pedidos de unidades:

  • Você só pode cancelar um pedido no prazo de trinta dias após colocá-lo.
  • Você não pode cancelar um pedido de unidade se a subconta do pedido tiver gasto alguma das unidades.

Se você gerencia uma subconta que usa unidades como forma de pagamento, agora pode usar a API de serviços para realizar as seguintes tarefas:

enhancement

CertCentral Services API: Lista de produtos, limites de produtos e terminais de informações de produtos aprimorados

Para facilitar a localização dos períodos de validade do pedido disponíveis para os produtos de certificado digital em sua conta, adicionamos novos parâmetros de resposta à lista de produtos, limites do produto e endpoints de informações do produto.

Esses novos parâmetros de resposta permitem que você visualize os limites de validade do pedido padrão e personalizados para cada produto em sua conta.

Terminal da lista de produtos

O parâmetro allowed_order_validity_years retorna uma lista dos períodos de validade do pedido com suporte para cada produto em sua conta.

Terminal de limites do produto

O parâmetro allowed_order_lifetimes retorna uma lista de limites de validade de pedido personalizados para usuários com diferentes divisões e atribuições de função de usuário em sua conta.

Terminal de informações do produto

  • O parâmetro allowed_order_validity_years retorna uma lista dos períodos de validade do pedido que estão disponíveis quando você solicita o produto de certificado.
  • O parâmetro custom_order_expiration_date_allowed retorna um valor booleano que descreve se você pode definir uma data de expiração de pedido personalizado ao solicitar o produto de certificado.
enhancement

CertCentral Services API: Terminal de informações de pedido de subconta aprimorado

Para facilitar a localização de informações sobre os períodos de validade para pedidos de subconta, adicionamos novos parâmetros de resposta ao terminal de Informações de pedido de subconta. Esses novos parâmetros de resposta permitem que você veja a data de início do pedido, a data de término do pedido e se o pedido é um plano plurianual.

  • O parâmetro is_multi_year_plan retorna "1" se o pedido for um plano plurianual.
  • O parâmetro order_valid_from retorna a data de início do período de validade do pedido.
  • O parâmetro order_valid_till retorna a data final do período de validade do pedido.

Resposta de exemplo com novos parâmetros

Subaccount order updates

new

Próxima manutenção programada

Em 9 de janeiro de 2021 entre 22:00 - 24:00 MST (10 de janeiro de 2021 entre 05:00 - 07:00 UTC), DigiCert fará a manutenção programada.

Embora tenhamos redundâncias para proteger o seu serviço, alguns serviços da DigiCert podem estar indisponíveis durante este tempo.

O que você pode fazer?
Planeje de acordo.

  • Agende pedidos de alta prioridade, renovações, reemissões e emissões duplicadas fora da janela de manutenção.
  • Para obter atualizações ao vivo, assine a página Status da DigiCert.
  • Para datas e horários de manutenção programada, consulte Manutenção programada DigiCert 2021.

Os serviços serão restaurados assim que a manutenção for concluída.

new

CertCentral Services API: Atualizar as configurações de notificação de renovação

Adicionamos um novo endpoint ao contrato de API CertCentral Services: Atualizar as configurações de notificação de renovação. Use este terminal para habilitar ou desabilitar notificações de renovação para um pedido de certificado. 

Para obter mais informações, visite o tópico de referência para este endpoint na documentação da API de serviços:

enhancement

Personalize a vida útil do seu plano plurianual da DigiCert

Temos o prazer de anunciar que agora você pode configurar uma vida útil personalizada para seu Plano Plurianual (MyP) ao solicitar um certificado TLS no CertCentral. Nos formulários de solicitação de certificado TLS, use a nova opção Validade de pedido personalizado para personalizar a duração do seu pedido de certificado TLS.

Observação: A validade máxima do certificado TLS é de 397 dias de acordo com as práticas recomendadas do setor. Consulte Certificados SSL/TLS públicos de fim de 2 anos.

As durações dos pedidos do plano plurianual personalizado podem ser definidas em dias ou por data de vencimento. A duração máxima do pedido é de 2190 dias (6 anos). A duração mínima do pedido é de 7 dias.

Observação: Os pedidos personalizados começam no dia em que emitimos o certificado do pedido. O preço do pedido é rateado para corresponder ao certificado selecionado e ao comprimento do pedido personalizado.

Para personalizar sua cobertura MyP

  1. No formulário Solicitar certificado, clique em Selecionar comprimento de cobertura.
  2. Na janela pop-up de Quanto tempo você precisa para proteger o pop-up, selecione Validade do pedido personalizado.
  3. Em Selecione a duração do pedido do cliente, configure a duração do seu plano plurianual:
    1. Duração do pedido personalizado
      Especifique a duração do seu plano em dias.
    2. Data de expiração do pedido personalizada
      Selecione o dia em que deseja que seu plano expire.
  4. Clique em Salvar.
enhancement

Configurações de produto atualizadas para certificados TLS públicos

Para fornecer mais controle sobre o processo de pedido de seu certificado, atualizamos as configurações do produto para certificados TLS públicos. Agora, você pode determinar os comprimentos permitidos de pedido do Plano Plurianual que os usuários podem selecionar ao solicitar um certificado TLS público.

Na página de configurações do produto do certificado TLS, use a opção Períodos de validade permitidos para determinar quais comprimentos de pedido MyP aparecem em um formulário de solicitação de certificado TLS: 1 ano, 2 anos, 3 anos, 4 anos, 5 anos e 6 anos. Observe que as alterações feitas nas configurações do produto se aplicam às solicitações feitas por meio do CertCentral e da API de serviços.

Observação: Anteriormente, a opção Períodos de validade permitidos era usada para determinar a vida útil máxima do certificado que um usuário poderia selecionar ao solicitar um certificado TLS público. No entanto, com a mudança da indústria para o certificado de 1 ano, essa opção não é mais necessária para comprimentos de certificado. Consulte Certificados SSL/TLS públicos de fim de 2 anos.

Para configurar os comprimentos de pedido MyP permitidos para um certificado TLS

  1. No menu principal esquerdo, vá para Configurações > Configurações do produto.
  2. Na página Configurações do produto, selecione um certificado TLS público. Por exemplo, selecione Secure Site OV.
  3. Em Secure Site OV, na lista suspensa Períodos de validade permitidos, selecione os períodos de validade.
  4. Clique em Salvar configurações.

Na próxima vez que um usuário solicitar um certificado OV de Site Seguro, ele verá apenas as durações do período de validade que você selecionou no formulário de solicitação.

Observação: A definição de limites para comprimentos de pedidos de planos plurianuais remove a opção de validade personalizada de seus formulários de solicitação de certificado TLS.

enhancement

Página de domínios da CertCentral: Relatório de domínios.csv aprimorado

Na página Domínios, aprimoramos o relatório CSV para facilitar o rastreamento das datas de expiração de validação de domínio OV e EV e para visualizar o método de validação de controle de domínio (DCV) usado anteriormente.

Na próxima vez que você baixar o arquivo CSV, você verá três novas colunas no relatório:

  • Expiração do OV
  • Expiração do EV
  • Método DCV

Para fazer download do relatório dominios.csv

  1. No menu principal à esquerda, vá para Certificados > domínios.
  2. Na página Domínios, na lista suspensa Baixar CSV, selecione Baixar todos os registros.

Ao abrir o dominios.csv, você deverá ver as novas colunas e informações em seu relatório.

enhancement

Página de pedidos do CertCentral: Tempo de carregamento aprimorado

No CertCentral, atualizamos a página Pedidos para melhorar os tempos de carregamento para quem gerencia grandes volumes de pedidos de certificados. Na próxima vez que você visitar a página Pedidos, ela abrirá muito mais rápido (no menu principal à esquerda, vá para Certificados > Pedidos).

Para melhorar o tempo de carregamento, mudamos a forma como filtramos seus pedidos de certificado na visualização da página inicial. Anteriormente, filtrávamos a página para mostrar apenas pedidos de certificados Ativos. No entanto, isso era problemático para aqueles com altos volumes de pedidos de certificados. Quanto mais pedidos você tiver em sua conta, mais tempo a página Pedidos demorará para abrir.

Agora, quando você visita a página, nós retornamos todos os seus certificados, não filtrados, em ordem decrescente com os pedidos de certificados criados mais recentemente aparecendo primeiro na lista. Para ver apenas seus certificados ativos, na lista suspensa Status, selecione Ativo e clique em Ir.

new

CertCentral Services API: Comprar unidades para subcontas e visualizar pedidos de unidades

Na API CertCentral Services, adicionamos novos pontos de extremidade para comprar unidades e visualizar pedidos de unidades. Agora, se você gerencia subcontas que usam unidades como método de pagamento para solicitações de certificado, pode usar a API de serviços para comprar mais unidades para uma subconta e obter informações sobre seu histórico de pedidos de unidades.

Para obter mais informações, consulte a documentação de referência para os novos endpoints:

enhancement

CertCentral Services API: Atualizações de documentação

Temos o prazer de anunciar as seguintes atualizações na documentação da API CertCentral Services:

  • Nova API de estimativa de preço de voucher
    Publicamos um novo tópico de referência para o ponto final da estimativa de preço de voucher. Os clientes que usam vouchers podem usar este terminal para estimar o custo (incluindo impostos) de um pedido para configurações específicas de voucher.
  • Glossário de API atualizado
    Atualizamos o glossário com uma nova tabela para definir os diferentes valores de status de validação da organização. Veja Glossário - Status de validação da organização.
  • Parâmetro de solicitação adicionado à documentação de e-mails de conta de atualização
    Adicionamos o parâmetro de solicitação emergency_emails à documentação do terminal Atualizar e-mails de conta. Use este parâmetro para atualizar os endereços de e-mail que recebem notificações de emergência da DigiCert.

Exemplo Atualizar e-mails da conta corpo da solicitação:

emergency_emails.png
  • Adicionados parâmetros de resposta à documentação de informações do produto
    Adicionamos o validation_type, allowed_ca_certs, e parâmetros de resposta default_intermediate para a documentação do terminal de Informações do produto.
    • Use o parâmetro validation_type para obter o tipo de validação para um determinado produto.
    • Use o parâmetro allowed_ca_certs para obter informações sobre os certificados ICA que você pode selecionar ao fazer o pedido de um determinado produto. *
    • Use o parâmetro default_intermediate para obter o ID do ICA padrão para um determinado produto. *

Exemplo Informações do produto dados de resposta:

Product info response.png

* Observação: O terminal Informações do produto retorna apenas os parâmetros allowed_ca_certs e default_intermediates para produtos que suportam a seleção ICA. Para certificados SSL públicos que suportam a seleção ICA (certificados OV e EV flex), esses parâmetros são retornados apenas se a seleção ICA estiver habilitada para a conta. Além disso, o parâmetro default_intermediates só é retornado se um administrador personalizou uma configuração de produto para uma divisão ou função de usuário na conta. Para obter mais informações, consulte a opção de cadeia de certificados ICA para certificados OV e EV flex públicos.

enhancement

CertCentral Services API: Adicionados tokens DCV para novos domínios aos dados de resposta para pedidos de certificados OV e EV

Atualizamos os endpoints para solicitar certificados públicos OV e EV SSL para retornar os tokens de solicitação de validação de controle de domínio (DCV) para novos domínios no pedido.

Agora, quando você solicita um certificado OV ou EV, não precisa mais emitir solicitações separadas para obter os tokens de solicitação DCV para os novos domínios no pedido. Em vez disso, você pode obter os tokens diretamente dos dados de resposta para a solicitação de pedido.

Dados de resposta de exemplo:

Example response for an OV order with a new domain

Observação: O objeto dcv_token não é retornado para domínios que serão validados no escopo de outro domínio do pedido, para domínios já existentes em sua conta ou para subdomínios de domínios existentes.

Esta atualização se aplica aos seguintes endpoints:

new

Seleção de cadeia de certificados ICA para certificados OV e EV flex públicos

Temos o prazer de anunciar que os certificados públicos OV e EV com recursos flexíveis agora oferecem suporte à seleção de cadeia de certificados CA intermediários.

Você pode adicionar uma opção à sua conta CertCentral que permite controlar qual cadeia de certificados DigiCert ICA emite seus certificados OV e EV "flex" públicos.

Esta opção permite que você:

  • Defina a cadeia de certificados ICA padrão para cada certificado OV e EV flex público.
  • Controle quais cadeias de certificados ICA os solicitantes de certificados podem usar para emitir seus certificados flexíveis.

Configurar a seleção da cadeia de certificados ICA

Para habilitar a seleção ICA para sua conta, entre em contato com seu gerente de conta ou nossa Equipe de suporte. Em seguida, em sua conta do CertCentral, na página Configurações do produto (no menu principal à esquerda, vá para Configurações > Configurações do produto), configure os intermediários padrão e permitidos para cada tipo de certificado flexível OV e EV.

Para obter mais informações e instruções passo a passo, consulte a Opção de cadeia de certificados ICA para certificados OV e EV flex públicos.

new

Suporte de API DigiCert Services para seleção de cadeia de certificados ICA

Na API DigiCert Services, fizemos as seguintes atualizações para oferecer suporte à seleção ICA em suas integrações de API:

  • Novo terminal de limites de produto
    criado
    Use este terminal para obter informações sobre os limites e as configurações dos produtos habilitados para cada divisão em sua conta. Isso inclui valores de ID para as cadeias de certificação ICA padrão e permitidas de cada produto.
  • Adicionado suporte para seleção ICA para solicitações de pedido de certificado flexível TLS OV e EV público.
    Depois de configurar intermediários permitidos para um produto, você pode selecionar a cadeia de certificado ICA que deve emitir seu certificado quando você usa a API para enviar uma solicitação de pedido.
    Passe o ID do certificado ICA emissor como o valor do parâmetro ca_cert_id no corpo da sua solicitação de pedido

Exemplo de solicitação de certificado flexível:

Example flex certificate request

Para obter mais informações sobre como usar a seleção ICA em suas integrações de API, consulte Ciclo de vida do certificado OV/EV - (Opcional) Seleção ICA.

enhancement

Planos plurianuais DigiCert® disponíveis para todos os certificados SSL/TLS públicos da DigiCert

Temos o prazer de anunciar que os Planos Plurianuais agora estão disponíveis para todos os certificados SSL/TLS públicos no CertCentral. Esses planos permitem que você pague um único preço com desconto por até seis anos de cobertura de certificado SSL/TLS.

Observação: Os contratos Enterprise License Agreement (ELA) suportam apenas Planos Plurianuais de 1 e 2 anos. Os Contratos de taxa fixa não oferecem suporte a planos plurianuais. Se você tiver um contrato de taxa fixa, entre em contato com o gerente da sua conta para encontrar uma solução que funcione com o seu contrato.

Com Planos Plurianuais, você escolhe o certificado SSL/TLS, a duração da cobertura desejada (até seis anos) e a validade do certificado. Até que o plano expire, você emite novamente seu certificado sem nenhum custo cada vez que ele atinge o final de seu período de validade. Para obter mais informações, consulte Planos plurianuais.

enhancement

API de serviços da DigiCert muda para oferecer suporte a planos plurianuais

Em nossa API de serviços, atualizamos nossos terminais de certificados SSL/TLS públicos para oferecer suporte ao pedido de um certificado com um plano plurianual.

Para cada terminal para solicitar um certificado SSL/TLS público, adicionamos novos parâmetros de solicitação opcionais*. Além disso, atualizamos esses pontos de extremidade para que o período de validade do seu pedido não corresponda mais ao período de validade do seu certificado.

  • Novo parâmetro
    opcional cert_validity
    Use este parâmetro para definir o período de validade do primeiro certificado emitido para o pedido. Se você omitir o parâmetro cert_validity de sua solicitação, a validade de seu certificado é padronizada para a validade máxima que o DigiCert e os padrões da indústria permitem, ou o período de validade do pedido, o que ocorrer primeiro.
  • Novo parâmetro opcional order_validity*
    Use este parâmetro para definir o período de validade do pedido. A validade do pedido determina a duração de um plano plurianual.
  • Nível superior atualizadovalidity_years, validity_days, Os parâmetros custom_expiration_date*
    Para integrações API existentes, você ainda pode usar esses parâmetros existentes para definir o período de validade do pedido. No entanto, recomendamos atualizar suas integrações para usar os novos parâmetros. Lembre-se, com planos plurianuais, seu pedido pode ter um período de validade diferente do seu certificado.

*Nota: As solicitações devem incluir um valor para o objeto order_validity ou para um dos parâmetros de validade do pedido de nível superior: validity_years, validity_days, ou custom_expiration_date. Os valores fornecidos no objeto order_validity substituem os parâmetros de validade de nível superior.

Essas mudanças não devem afetar suas integrações atuais. No entanto, para maximizar sua cobertura SSL/TLS, você pode querer começar a comprar seus certificados SSL/TLS públicos com um plano plurianual. Para integrações de API, consulte Plano plurianual de pedido.

Exemplo de solicitação de certificado com novos parâmetros

Example SSL certificate request with new certificate and order valdity parameters

new

Planos plurianuais agora disponíveis

Temos o prazer de anunciar que os Planos Plurianuais agora estão disponíveis no CertCentral e Parceiros CertCentral.

Os planos plurianuais DigiCert® permitem que você pague um único preço com desconto por até seis anos de cobertura de certificado SSL/TLS. Com Planos Plurianuais, você escolhe o certificado SSL/TLS, a duração da cobertura desejada (até seis anos) e a validade do certificado. Até que o plano expire, você emite novamente seu certificado sem nenhum custo cada vez que ele atinge o final de seu período de validade.

A validade máxima de um certificado SSL/TLS vai de 825 dias para 397 dias em 1º de setembro de 2020. Quando o certificado ativo para um plano plurianual está prestes a expirar, você emite o certificado novamente para manter sua cobertura SSL/TLS.

compliance

O suporte do navegador para TLS 1.0 e 1.1 foi encerrado

Os quatro navegadores principais não oferecem mais suporte ao Transport Layer Security (TLS) 1.0 e 1.1.

O que você precisa saber

Esta alteração não afeta os seus certificados da DigiCert. Seus certificados continuam funcionando como sempre.

Esta alteração afeta serviços dependentes do navegador e aplicativos dependentes de TLS 1.0 ou 1.1. Agora que o suporte do navegador para TLS 1.0 e 1.1 terminou, qualquer sistema desatualizado não será capaz de fazer conexões HTTPS.

O que você precisa fazer

Se você for afetado por esta mudança e seu sistema suportar versões mais recentes do protocolo TLS, atualize a configuração do seu servidor assim que puder para TLS 1.2 ou TLS 1.3.

Se você não atualizar para o TLS 1.2 ou 1.3, seu servidor da web, sistema ou agente não poderá usar HTTPS para se comunicar com segurança com o certificado.

Informações de suspensão do navegador TLS 1.0/1.1

Firefox 78, lançado em 30 de junho de 2020

Safari 13.1, lançado em 24 de março de 2020

Chrome 84, lançado em 21 de julho de 2020

Edge v84, lançado em 16/07/2020

Recursos úteis

Com tantos sistemas exclusivos que dependem do TLS, não podemos cobrir todos os caminhos de atualização, mas aqui estão algumas referências que podem ajudar:

enhancement

CertCentral Services API: Documentação de mensagem de erro atualizada

Na documentação da API de serviços, atualizamos a página Erros para incluir descrições de mensagens de erro relacionadas a:

  • Emissão imediata de certificado DV
  • Validação de controle do domínio (DCV)
  • Verificações de registro de recurso de Autorização de Autoridade de Certificação (CAA)

No início deste ano, aprimoramos as APIs para pedidos de certificados DV e solicitações DCV para fornecer mensagens de erro mais detalhadas quando DCV, autorização de arquivo, pesquisas de DNS ou verificações de registro de recurso CAA falham. Agora, ao receber uma dessas mensagens de erro, verifique a página Erros para obter informações adicionais sobre solução de problemas.

Para maiores informações: