Configure Private SSL certificate products

Configure private SSL certificate products to automatically meet Apple's updated security policy requirements

Apple is implementing additional security requirements for all SSL/TLS certificates that by design impact private SSL/TLS certificates. See Apple's new compliance requirements for Private SSL certificates.

If Apple iOS and macOS trust is required for your private SSL/TLS certificates, you'll want to make sure your newly issued private TLS/SSL certificates meet the new requirements automatically.

  • Signed with an algorithm from the SHA-2 family (e.g., SHA256).
  • Have a validity period of 825 days or fewer.

Configure private SSL certificate product settings

We recommend configuring your private TLS certificate products settings at the account level. This helps prevent someone in your account from issuing a private SSL certificate not trusted by Apple's iOS 13 and macOS 10.15.

  1. In your CertCentral account, in the sidebar menu, click Settings > Product Settings.

  1. On the Product Settings page, uncheck Configure products by role.

  1. For accounts with multiple divisions, in the For dropdown, select the top-level division.

  1. In the Product column, select Private SSL.

  1. In the Product Settings column, in the Private SSL settings, in the Allowed Validity Periods box, select one or both of these validity periods:

    • 2 Years
    • 1 Year

  1. In the Allowed Signature Hashes box, select one or more of these signature hashes:

    • SHA-256
    • SHA-384
    • SHA-512

  1. Repeat these steps for each private SSL certificate product enabled for your account (e.g., Private Multi-Domain SSL).

What's next

The next time an account user orders a Private SSL certificate, they will only see the selected validity period options and selected signature hash options on the order form.

Sobre

A DigiCert é a provedora premium do mundo de certificados digitais de garantia: fornecendo implantações confiáveis de SSL e PKI gerenciada e particular, e certificados de dispositivos para o mercado emergente IoT. Desde a nossa fundação há quase quinze anos, temos sido impulsionados pela ideia de encontrar uma forma melhor. Uma melhor forma para fornecer autenticação na Internet. Uma melhor forma para personalizar soluções de acordo com as necessidades do nosso cliente. Agora, agregamos a experiência e talento da Symantec ao nosso legado de inovação para encontrarmos uma melhor forma de liderar a indústria e construirmos maior confiança em identidade e interações digitais.

©2019 DigiCert, Inc. Todos os direitos reservados. A DigiCert e seu logo são marcas registradas da DigiCert, Inc. Symantec e Norton e seus logos são marcas registradas usadas sob licença da Symantec Corporation. Outros nomes podem ser marcas registradas de seus respectivos donos.