Фильтрация по: CertCentral x очистить
new

DIGICERT 2022 MAINTENANCE SCHEDULE

To make it easier to plan your certificate-related tasks, we scheduled our 2022 maintenance windows in advance. See DigiCert 2022 scheduled maintenance—this page is updated with all current maintenance schedule information.

With customers worldwide, we understand there is not a "best time" for everyone. However, after reviewing the data on customer usage, we selected times that would impact the fewest amount of our customers.

About our maintenance schedule

  • Maintenance is scheduled for the first weekend of each month unless otherwise noted.
  • Each maintenance window is scheduled for 2 hours.
  • Although we have redundancies to protect your service, some DigiCert services may be unavailable.
  • All normal operations will resume once maintenance is completed.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.

If you need more information regarding these maintenance windows, contact your account manager or DigiCert support team.

compliance

End of support for CBC ciphers in TLS connections

DigiCert will end support for Cipher-Block-Chaining (CBC) ciphers in TLS connections to our services on October 8, 2022, at 22:00 MDT (October 9, 2022, at 04:00 UTC).

This change affects browser-dependent services and applications relying on CBC ciphers that interact with these DigiCert services:

  • CertCentral and CertCentral Services API
  • Certificate Issuing Services (CIS)
  • CertCentral Simple Certificate Enrollment Protocol (SCEP)

This change does not affect your DigiCert-brand certificates. Your certificates will continue to work as they always have.

Why is DigiCert ending support for the CBC ciphers?

To align with Payment card industry (PCI) compliance standards, DigiCert must end support for the following CBC:

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_RSA_WITH_AES_256_CBC_SHA

What do I need to do?

If you are using a modern browser, no action is required. Most browsers support strong ciphers, such as Galois/Counter Mode (GCM) ciphers, including Mozilla Firefox, Google Chrome, Safari, and Microsoft Edge. We do recommend updating your browser to its most current version.

If you have applications or API integrations affected by this change, enable stronger ciphers, such as GCM ciphers, in those applications and update API integrations before October 8, 2022.

If you do not update API integrations and applications, they will not be able to use HTTPS to communicate with CertCentral, the CertCentral Services API, CIS, and SCEP.

Knowledge base article

See our Ending Support for CBC Ciphers in TLS connections to our services for more information.

Contact us

If you have questions or need help, contact your account manager or DigiCert Support.

compliance

CertCentral: Revocation reasons for revoking certificates

CertCentral supports including a revocation reason when revoking a certificate. Now, you can choose one of the revocation reasons listed below when revoking all certificates on an order or when revoking an individual certificate by ID or serial number.

Supported revocation reasons:

  • Key compromise* - My certificate's private key was lost, stolen, or otherwise compromised.
  • Cessation of operation - I no longer use or control the domain or email address associated with the certificate or no longer use the certificate.
  • Affiliation change - The name or any other information regarding my organization changed.
  • Superseded - I have requested a new certificate to replace this one.
  • Unspecified - None of the reasons above apply.

*Note: Selecting Key compromise does not block using the associated public key in future certificate requests. To add the public key to the blocklist and revoke all certificates with the same key, visit problemreport.digicert.com and prove possession of the key.

Revoke immediately

We also added the Revoke this certificate immediately option that allows Administrators to skip the Request and Approval process and revoke the certificate immediately. When this option is deselected, the revocation request appears on the Requests page, where an Administrator must review and approve it before it is revoked.

Background

The Mozilla root policy requires Certificate Authorities (CAs) to include a process for specifying a revocation reason when revoking TLS/SSL certificates. The reason appears in the Certificate Revocation List (CRL). The CRL is a list of revoked digital certificates. Only the issuing CA can revoke the certificate and add it to the CRL.

new

Upcoming Scheduled Maintenance

DigiCert will perform scheduled maintenance on September 10, 2022, 22:00 –24:00 MDT (September 11, 2022, 04:00 – 06:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • See DigiCert 2022 scheduled maintenance for scheduled maintenance dates and times.

Services will be restored as soon as the maintenance is completed.

new

CertCentral: Edit SANs on pending orders: new, renewals, and reissues

DigiCert is happy to announce that CertCentral allows you to modify the common name and subject alternative names (SANs) on pending orders: new, renewals, and reissues.

Tired of canceling an order and placing it again because a domain has a typo? Now, you can modify the common name/SANs directly from a pending order.

Items to note when modifying SANs

  • Only admins and managers can edit SANs on pending orders.
  • Editing domains does not change the cost of the order.
  • You can only replace a wildcard domain with another wildcard domain and a fully qualified domain name (FQDN) with another FQDN.
  • The total number of domains cannot exceed the number included in the original request.
  • Removed SANs can be added back for free, up to the amount purchased, any time after DigiCert issues your certificate.
  • To reduce the certificate cost, you must cancel the pending order. Then submit a new request without the SANs you no longer want the certificate to secure.

See for yourself

  1. In your CertCentral account, in the left main menu, go to Certificates > Orders.
  2. On the Orders page, select the pending order with the SANs you need to modify.
  3. On the certificate’s Order details page, in the Certificate status section, under What do you need to do, next to Prove control over domains, select the edit icon (pencil).

See Edit common name and SANs on a pending TLS/SSL order: new, renewals, and reissues.


CertCentral Services API: Edit SANs on a pending order and reissue

To allow you to modify SANs on pending new orders, pending renewed orders, and pending reissues in your API integrations, we added a new endpoint to the CertCentral Services API. To learn how to use the new endpoint, visit Edit domains on a pending order or reissue.

new

Upcoming scheduled maintenance

Some DigiCert services will be down for about 15 minutes during scheduled maintenance on August 6, 2022, 22:00 – 24:00 MDT (August 7, 2022, 04:00 – 06:00 UTC).

Infrastructure-related maintenance downtime

The infrastructure-related maintenance starts at 22:00 MDT (04:00 UTC). At that time, the services listed below may be down, or experience delayed responses for approximately 15 minutes.

Affected services:

CertCentral® / Services API

  • Unable to access your CertCentral account.
  • Services API will be unable to process requests.
  • APIs will return a "503 Service is unavailable" error.
  • Resubmit failed requests after services are restored.

CertCentral Automation / API

  • Reschedule automation events around maintenance.
  • If automation events cannot be rescheduled, retry failed events after services are restored.

CertCentral Discovery / API

  • Reschedule Discovery scans around maintenance.
  • If scans cannot be rescheduled, retry failed scans after services are restored.

CertCentral Certificate Issuing Service (CIS) and Simple Certificate Enrollment Protocol (SCEP)

  • Requests submitted during this time will fail.
  • APIs will return a "503 Service is unavailable" error.
  • Failed requests should be resubmitted after services are restored.

Direct Cert Portal / API

  • Unable to access your Direct Cert Portal account.
  • Direct Cert Portal API will be unable to process requests.
  • APIs will return a "503 Service is unavailable" error.
  • Resubmit failed requests after services are restored.

What can I do?
Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as the maintenance is completed.

new

Upcoming Schedule Maintenance

Some DigiCert services will be down for a total of 20 minutes during scheduled maintenance on July 9, 2022, 22:00 – 24:00 MDT (July 10, 2022, 04:00 – 06:00 UTC).

Infrastructure-related maintenance downtime

The services listed below will be down for a total of 20 minutes while we perform our infrastructure-related maintenance. The downtime consists of two 10-minute windows, one at the start and one at the end of the infrastructure-related work:

  • Start: 22:00 – 22:10 MDT (UTC -6)
  • End: 23:30 – 23:40 MDT (UTC -6)*

*The plan is to end our maintenance at approximately 23:30 MDT (UTC –6). However, if issues occur, we will need to end this work early, which means the second downtime may happen earlier than planned.


Affected services

CertCentral® / Services API

  • Unable to access your CertCentral account.
  • Services API will be unable to process requests.
  • APIs will return a "503 Service is unavailable" error.
  • Resubmit failed requests after services are restored.

CertCentral Automation / API

  • Reschedule automation events around maintenance.
  • If automation events cannot be rescheduled, retry failed events after services are restored.

Discovery / API

  • Reschedule Discovery scans around maintenance.
  • If scans cannot be rescheduled, retry failed scans after services are restored.

Direct Cert Portal / API

  • Unable to access your Direct Cert Portal account
  • Direct Cert Portal API will be unable to process requests.
  • APIs will return a "503 Service is unavailable" error.
  • Resubmit failed requests after services are restored.

QuoVadis® TrustLink® certificate issuance

  • TrustLink certificate requests submitted during this time will be delayed
  • Requests will be queued and processed after services are restored

PKI Platform 8 new domain and organization validation

  • New domains submitted for validation during this time will be delayed.
  • New organizations submitted for validation during this time will be delayed.
  • Requests will be queued and processed after services are restored.


What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

enhancement

CertCentral: Improved DNS Certification Authority Authorization (CAA) resource records checking

DigiCert is happy to announce that we improved the CAA resource record checking feature and error messaging for failed checks in CertCentral.

Now, on the order’s details page, if a CAA resource record check fails, we display the check’s status and include improved error messaging to make it easier to troubleshoot problems.

Background

Before issuing an SSL/TLS certificate for your domain, a Certificate Authority (CA) must check the DNS CAA Resource Records (RR) to determine whether they can issue a certificate for your domain. A Certificate Authority can issue a certificate for your domain if one of the following conditions is met:

  • They do not find a CAA RR for your domain.
  • They find a CAA RR for your domain that authorizes them to issue a certificate for the domain.

How can DNS CAA Resource Records help me?

CAA resource records allow domain owners to control which certificate authorities (CAs) are allowed to issue public TLS certificates for each domain.

Learn more about using DNS CAA resource records

enhancement

CertCentral: Bulk domain validation support for DNS TXT and DNS CNAME DCV methods

DigiCert is happy to announce that CertCentral bulk domain validation now supports two more domain control validation (DCV) methods: DNS TXT and DNS CNAME.

Remember, domain validation is only valid for 397 days. To maintain seamless certificate issuance, DigiCert recommends completing DCV before the domain's validation expires.

Don't spend extra time submitting one domain at a time for revalidation. Use our bulk domain revalidation feature to submit 2 to 25 domains at a time for revalidation.

See for yourself

  1. In your CertCentral account, in the left main menu, go to Certificates > Domains.
  2. On the Domains page, select the domains you want to submit for revalidation.
  3. In the Submit domains for revalidation dropdown, select the DCV method you want to use to validate the selected domains.

See Domain prevalidation: Bulk domain revalidation.

new

Upcoming Scheduled Maintenance

DigiCert will perform scheduled maintenance on June 4, 2022, 22:00 –24:00 MDT (June 5, 2022, 04:00 – 06:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • See DigiCert 2022 scheduled maintenance for scheduled maintenance dates and times.

Services will be restored as soon as the maintenance is completed.

new

Upcoming Schedule Maintenance

Update: There is no planned downtime during maintenance on May 7, MDT (May 8, UTC).

DigiCert will perform scheduled maintenance on May 7, 2022, between 22:00 – 24:00 MDT (May 8, 2022, between 04:00 – 06:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • See the DigiCert 2022 maintenance schedule for maintenance dates and times.

Services will be restored as soon as we complete the maintenance.

enhancement

CertCentral: Multi-year Plans are now available for Verified Mark Certificates

We are happy to announce that Multi-year Plans are now available for Verified Mark Certificates (VMCs) in CertCentral and CertCentral Services API.

DigiCert® Multi-year Plans allow you to pay a single discounted price for up to six years of Verified Mark Certificate coverage. With a Multi-year Plan, you pick the duration of coverage you want (up to six years). Until the plan expires, you reissue your certificate at no cost each time it reaches the end of its validity period.

Note: Depending on the length of your plan, you may need to revalidate your domain and organization multiple times during your Multi-year Plan.

Multi-year Plans for VMC in the Services API

In the Services API, when you submit an order request for a VMC, use the order_validity object to set the duration of coverage for your Multi-year Plan (1-6 years). For more information, see:

What is a Verified Mark Certificate?

Verified Mark Certificates (VMCs) are a new type of certificate that allows companies to place a certified brand logo next to the “sender” field in customer inboxes.

  • Your logo is visible before the message is opened.
  • Your logo acts as confirmation of your domain’s DMARC status and your organization’s authenticated identity.

Learn more about VMC certificates

new

CertCentral Services API: Domain locking API endpoints

DigiCert is happy to announce our domain locking feature is now available in the CertCentral Services API.

Note: Before you can use the domain locking endpoints, you must first enable domain locking for your CertCentral account. See Domain locking  – Enable domain locking for your account.

New API endpoints

Updated API endpoints

We updated the response for the Domain info and List domains endpoints to include the following parameters with domain lock details:

  • domain_locking_status (string)
    Domain lock status. Only returned if domain locking is enabled for the account.
  • account_token (string)
    Domain lock account token. Only returned if domain locking is enabled for the account, and if domain locking has been activated for the domain at least once.

To learn more, see:

new

CertCentral: Domain locking is now available

DigiCert is happy to announce our domain locking feature is now available.

Does your company have more than one CertCentral account? Do you need to control which of your accounts can order certificates for specific company domains?

Domain locking allows you to control which of your CertCentral accounts can order certificates for your domains.

How does domain locking work?

DNS Certification Authority Authorization (CAA) resource records allow you to control which certificate authorities can issue certificates for your domains.

With domain locking, you can use this same CAA resource record to control which of your company's CertCentral accounts can order certificates for your domains.

How do I lock a domain?

To lock a domain:

  1. Enable domain locking for your account.
  2. Set up domain locking for a domain.
  3. Add the domain's unique verification token to the domain's DNS CAA resource record.
  4. Check the CAA record for the unique verification token.

To learn more, see:

new

End of life for account upgrades from Symantec, GeoTrust, Thawte or RapidSSL to CertCentral™

From April 5, 2022, MDT, you can no longer upgrade your Symantec, GeoTrust, Thawte, or RapidSSL account to CertCentral™.

If you haven't already moved to DigiCert CertCentral, upgrade now to maintain website security and have continued access to your certificates.

Note: During 2020, DigiCert discontinued all Symantec, GeoTrust, Thawte, RapidSSL admin consoles, enrollment services, and API services.

How do I upgrade my account?

To upgrade your account, contact DigiCert Support immediately. For more information about the account upgrade process, see Upgrade from Symantec, GeoTrust, Thawte, or RapidSSL.

What happens if I don't upgrade my account to CertCentral?

After April 5, 2022, you must get a new CertCentral account and manually add all account information, such as domains and organizations. In addition, you won't be able to migrate any of your active certificates to your new account.

For help setting up your new CertCentral account after April 5, 2022, contact DigiCert Support.

new

Upcoming Schedule Maintenance

DigiCert will perform scheduled maintenance on April 2, 2022, between 22:00 – 24:00 MDT (April 3, 2022, between 04:00 – 06:00 UTC). During this time, some services may be down for up to two hours.

Note: Maintenance will be one hour earlier for those who don't observe daylight savings.

Infrastructure-related maintenance downtime

We will start this infrastructure-related maintenance at 22:00 MDT (04:00 UTC). Then the services listed below may be down for up to two hours.

CertCentral® TLS certificate issuance:

  • TLS certificate requests submitted during this time will fail
  • Failed requests should be resubmitted after services are restored

CIS and CertCentral® SCEP:

  • Certificate Issuing Service (CIS) will be down
  • CertCentral Simple Certificate Enrollment Protocol (SCEP) will be down
  • Requests submitted during this time will fail
  • CIS APIs will return a "503 Service is unavailable" error
  • Failed requests should be resubmitted after services are restored

Direct Cert Portal new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Failed requests should be resubmitted after services are restored

QuoVadis® TrustLink® certificate issuance:

  • TrustLink certificate requests submitted during this time will be delayed
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

PKI Platform 8 new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored
  • Access to User Authorization Agent (UAA) services will be disabled: both the UAA Admin and User web portals

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

Март 28, 2022

compliance

Starting March 28, 2022, all public S/MIME certificates will have a maximum validity period of 1,185 days. This change is to align with Apple policy updates and only applies to publicly trusted S/MIME certificates newly issued from CertCentral. Certificates issued before March 28 are not affected.

new

CertCentral: DNS CNAME DCV method now available for DV certificate orders

In CertCentral and the CertCentral Services API, you can now use the DNS CNAME domain control validation (DCV) method to validate the domains on your DV certificate order.

Note: Before, you could only use the DNS CNAME DCV method to validate the domains on OV and EV certificate orders and when prevalidating domains.

To use the DNS CNAME DCV method on your DV certificate order:

  • In CertCentral:
    • When ordering a DV TLS certificate, you can select DNS CNAME as the DCV method.
    • On the DV TLS certificate's order details page, you can change the DCV method to DNS CNAME Record.
  • In the Services API:
    • When requesting a DV TLS certificate, set the value of the dcv_method request parameter to dns‑cname‑token.

Note: The AuthKey process for generating request tokens for immediate DV certificate issuance does not support the DNS CNAME DCV method. However, you can use the File Auth (http‑token) and DNS TXT (dns‑txt‑token) DCV methods. To learn more, visit DV certificate immediate issuance.

To learn more about using the DNS CNAME DCV method:

new

Upcoming Schedule Maintenance

DigiCert will perform scheduled maintenance on March 5, 2022, between 22:00 – 24:00 MST (March 6, 2022, between 05:00 – 07:00 UTC). During this time, some services may be down for up to two hours.

Infrastructure-related maintenance downtime

We will start this infrastructure-related maintenance at 22:00 MST (05:00 UTC). Then the services listed below may be down for up to two hours.

CertCentral™ TLS certificate issuance:

  • TLS certificate requests submitted during this time will fail
  • Failed requests should be resubmitted after services are restored

CIS and CertCentral™ SCEP:

  • Certificate Issuing Service (CIS) will be down
  • CertCentral Simple Certificate Enrollment Protocol (SCEP) will be down
  • Requests submitted during this time will fail
  • CIS APIs will return a "503 Service is unavailable" error
  • Failed requests should be resubmitted after services are restored

Direct Cert Portal new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Failed requests should be resubmitted after services are restored

QuoVadis™ TrustLink™ certificate issuance:

  • TrustLink certificate requests submitted during this time will be delayed
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

PKI Platform 8 new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

fix

CertCentral: Improved verified contact EV TLS certificate request approval process

In CertCentral and the CertCentral Services API, we updated the EV TLS certificate request process to only send the EV TLS request approval emails to the verified contacts you include on the certificate request.

Note: Before, when you requested an EV TLS certificate, we sent the EV order approval email to all the verified contacts for the organization.

Add verified contacts to an EV TLS certificate request:

  • CertCentral
    When requesting an EV TLS certificate, you can:
    • Keep the existing verified contacts assigned to the organization
    • Remove contacts (at least one is required)
    • Add new contacts (we must validate each new contact, which may delay certificate issuance).
  • Services API
    When requesting an EV TLS certificate, include the verified contacts in the organization.contacts array of the JSON request. For verified contacts, the value of the contact_type field is ev_approver.

To learn more about EV TLS certificate requests:

new

Account Security Feature: Approved User Email Domains

CertCentral Administrators can now specify what email domains users can create a CertCentral account for. This helps prevent emails from being sent to non-approved, generic email domains (@gmail.com, @yahoo.com), or domains owned by third parties. If a user attempts to set or change a user email address to a non-approved domain, they receive an error.

Find this setting in Settings > Preferences. Expand Advanced Settings, and look for the Approved email domains section.

Note: This does not affect existing users with non-approved email addresses. It only impacts new users and email changes made after configuring this setting.

new

Verified Mark Certificates (VMC): Three new approved trademark offices

We are happy to announce that DigiCert now recognizes three more intellectual property offices for verifying the logo for your VMC certificate. These new offices are in Korea, Brazil, and India.

New approved trademark offices:

Other approved trademark offices:

What is a Verified Mark Certificate?

Verified Mark Certificates (VMCs) are a new type of certificate that allows companies to place a certified brand logo next to the “sender” field in customer inboxes.

  • Your logo is visible before the message is opened.
  • Your logo acts as confirmation of your domain’s DMARC status and your organization’s authenticated identity. 

Learn more about VMC certificates.

fix

Bugfix: Code Signing (CS) certificate generation email sent only to CS verified contact

We fixed a bug in the Code Signing (CS) certificate issuance process where we were sending the certificate generation email to only the CS verified contact. This bug only happened when the requestor did not include a CSR with the code signing certificate request.

Now, for orders submitted without a CSR, we send the code signing certificate generation email to:

  • Certificate requestor
  • CS verified contact
  • Additional emails included with the order

Note: DigiCert recommends submitting a CSR with your Code Signing certificate request. Currently, Internet Explorer is the only browser that supports keypair generation. See our knowledgebase article: Keygen support dropped with Firefox 69.

enhancement

Improved Domains page, Validation status filter—Completed / Validated

On the Domains page, in the Validation status dropdown, we updated the Completed / Validated filter to make it easier to find domains with completed and active domain control validation (DCV).

Note: Before, when you searched for domains with Completed / Validated DCV, we returned all domains with completed DCV even if the domain validation had expired.

Now, when you search for domains with Completed / Validated DCV, we only return domains with completed and active DCV in your search results. To find domains with expired DCV, use the Expired filter in the Validation status dropdown.

Find domains with completed and active DCV

  1. In CertCentral, in the left main menu, go to Certificates > Domains.
  2. On the Domains page, in the Validation status dropdown, select Completed / Validated.
enhancement

CertCentral Services API: List domains enhancement

For the List domains API, we updated the filters[validation]=completed filter to make it easier to find domains validated for OV or EV certificate issuance.

Before, this filter returned all domains with completed DCV checks, even if the domain validation had expired. Now, the filter only returns domains with an active OV or EV domain validation status

enhancement

CertCentral Domains and Domain details pages: Improved domain validation tracking

We updated the Domains and Domain details pages to make it easier to track and keep your domains' validation up to date. These updates coincide with last year's industry changes to the domain validation reuse period*. Keeping your domain validation current reduces certificate issuance times: new, reissue, duplicate issues, and renewals.

*Note: On October 1, 2021, the industry reduced all domain validation reuse periods to 398 days. DigiCert implemented a 397-day domain validation reuse period to ensure certificates aren't issued using expired domain validation. For more information about this change, see our knowledge base article, Domain validation policy changes in 2021.

Domains page improvements

When you visit the Domains page (in the left main menu, select Certificates > Domains), you will see three new columns: DCV method, Validation status, and Validation expiration. Now you can view the domain control validation (DCV) method used to demonstrate control over the domain, the status of the domain's validation (pending, validated, expires soon, and expired), and when the domain validation will expire.

Because OV and EV validation reuse periods are the same, we streamlined the Validation status sorting feature. Instead of showing separate filters for OV validation and EV validation, we only show one set of filters:

  • Completed / Validated
  • Pending validation
  • Expires in 0 - 7 days
  • Expires in 0 - 30 days
  • Expires in 31 - 60 days
  • Expires in 61 - 90 days
  • Expired

Domain details page improvements

When you visit a domain's details page (on the Domains page, select a domain), you will now see a status bar at the top of the page. This status bar lets you view the domain's validation status, when the domain's validation expires, when the domain's validation was most recently completed, and the DCV method used to demonstrate control over the domain.

We also updated the Domain validation status section of the page. We replaced the separate entries for OV and EV domain validation statuses with one entry: domain validation status.

new

Upcoming Scheduled Maintenance

DigiCert will perform scheduled maintenance on January 8, 2022, between 22:00 – 24:00 MST (January 9, 2022, between 05:00 – 07:00 UTC). Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • If you use the APIs for immediate certificate issuance and automated tasks, expect interruptions.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

Upcoming Scheduled Maintenance

DigiCert will perform scheduled maintenance on December 4, 2021, between 22:00 – 24:00 MST (December 5, 2021, between 05:00 – 07:00 UTC). Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

compliance

Industry changes to file-based DCV (HTTP Practical Demonstration, file auth, file, HTTP token, and HTTP auth)

To comply with new industry standards for the file-based domain control validation (DCV) method, you can only use the file-based DCV to demonstrate control over fully qualified domain names (FQDNs), exactly as named.

To learn more about the industry change, see Domain validation policy changes in 2021.

How does this affect me?

As of November 16, 2021, you must use one of the other supported DCV methods, such as Email, DNS TXT, and CNAME, to:

  • Validate wildcard domains (*.example.com)
  • To include subdomains in the domain validation when validating the higher-level domain. For example, if you want to cover www.example.com, when you validate the higher-level domain, example.com.
  • Prevalidate entire domains and subdomains.

To learn more about the supported DCV method for DV, OV, and EV certificate requests:

compliance

CertCentral: Pending certificate requests and domain prevalidation using file-based DCV

Pending certificate request

If you have a pending certificate request with incomplete file-based DCV checks, you may need to switch DCV methods* or use the file-based DCV method to demonstrate control over every fully qualified domain name, exactly as named, on the request.

*Note: For certificate requests with incomplete file-based DCV checks for wildcard domains, you must use a different DCV method.

To learn more about the supported DCV methods for DV, OV, and EV certificate requests:

Domain prevalidation

If you plan to use the file-based DCV method to prevalidate an entire domain or entire subdomain, you must use a different DCV method.

To learn more about the supported DCV methods for domain prevalidation, see Supported domain control validation (DCV) methods for domain prevalidation.

compliance

CertCentral Services API

If you use the CertCentral Services API to order certificates or submit domains for prevalidation using file-based DCV (http-token), this change may affect your API integrations. To learn more, visit File-based domain control validation (http-token).

new

Upcoming Schedule Maintenance

DigiCert will perform scheduled maintenance on November 6, 2021, between 22:00 – 24:00 MDT (November 7, 2021, between 04:00 – 06:00 UTC).


CertCentral infrastructure-related maintenance downtime

We will start this infrastructure-related maintenance between 22:00 and 22:10 MDT (04:00 and 04:10 UTC). Then, for approximately 30 minutes, the following services will be down:

DV certificate issuance for CertCentral, ACME, and ACME agent automation

  • DV certificate requests submitted during this time will fail
  • APIs will return a "cannot connect" error
  • Failed requests should be resubmitted after services are restored

CIS and SCEP

  • Certificate Issuing Service (CIS) will be down
  • Simple Certificate Enrollment Protocol (SCEP) will be down
  • DigiCert will be unable to issue certificates for CIS and SCEP
  • APIs will return a "cannot connect" error
  • Requests that return "cannot connect" errors should be resubmitted after services are restore

QuoVadis TrustLink certificate issuance

  • TrustLink certificate requests submitted during this time will fail
  • However, failed requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored, as required

This maintenance only affects DV certificate issuance, CIS, SCEP, and TrustLink certificate issuance. It does not affect any other DigiCert platforms or services .


PKI Platform 8 maintenance

We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC). Then, for approximately 30 minutes, the PKI Platform 8 will experience service delays and performance degradation that affect:

  • Signing in and using your PKI Platform 8 to perform in-console certificate lifecycle tasks.
  • Using any of your PKI Platform 8 corresponding APIs or protocols (for example, SOAP, REST, SCEP, and EST) to perform certificate lifecycle operations.
  • Performing certificate lifecycle tasks/operations:
    • Enrolling certificates: new, renew, or reissues
    • Adding domains and organizations
    • Submitting validation requests
    • Viewing reports, revoking certificates, and creating profiles
    • Adding users, viewing certificates, and downloading certificates
  • Certificate issuance for PKI Platform 8 and its corresponding API.

Additionally:

  • APIs will return a "cannot connect" error.
  • Certificate enrollments that receive "cannot connect" errors must be resubmitted after DigiCert restores services.

The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.


Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

Upcoming Schedule Maintenance

On October 2, 2021, between 22:00 – 24:00 MDT (October 3, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.


CertCentral, CIS, SCEP, Direct Cert Portal, and DigiCert ONE maintenance

DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.


PKI Platform 8 maintenance and downtime:

DigiCert will perform scheduled maintenance on PKI Platform 8. During this time, the PKI Platform 8 and its corresponding APIs will be down for approximately 20 minutes.

We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC).

Then, for approximately 20 minutes:

  • You will be unable to sign in and use your PKI Platform 8 to perform in-console certificate lifecycle tasks.
  • You will be unable to use any of your PKI Platform 8 corresponding APIs or protocols (for example, SOAP, REST, SCEP, and EST) to perform certificate lifecycle operations.
  • You will be unable to:
    • Enroll certificates: new, renew, or reissues
    • Add domains and organizations
    • Submit validation requests
    • View reports, revoke certificates, and create profiles
    • Add users, view certificates, and download certificates
  • DigiCert will be unable to issue certificates for PKI Platform 8 and its corresponding API.
  • APIs will return a "cannot connect" error.
  • Certificate enrollments that receive "cannot connect" errors must be resubmitted after DigiCert restores services.

The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

Upcoming Schedule Maintenance

On September 11, 2021, between 22:00 – 24:00 MDT (September 12, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.


CertCentral, CIS, SCEP, Direct Cert Portal, and DigiCert ONE maintenance

DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.


PKI Platform 8 maintenance and downtime:

DigiCert will perform scheduled maintenance on PKI Platform 8. During this time, the PKI Platform 8 and its corresponding APIs will be down for approximately 60 minutes.

We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC).

Then, for approximately 60 minutes:

  • You will be unable to sign in and use your PKI Platform 8 to perform in-console certificate lifecycle tasks.
  • You will be unable to use any of your PKI Platform 8 corresponding APIs or protocols (for example, SOAP, REST, SCEP, and EST) to perform certificate lifecycle operations.
  • You will be unable to:
    • Enroll certificates: new, renew, or reissues
    • Add domains and organizations
    • Submit validation requests
    • View reports, revoke certificates, and create profiles
    • Add users, view certificates, and download certificates
  • DigiCert will be unable to issue certificates for PKI Platform 8 and its corresponding API.
  • APIs will return a "cannot connect" error.
  • Certificate enrollments that receive "cannot connect" errors must be resubmitted after DigiCert restores services.

The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete our maintenance.

enhancement

CertCentral Services API: Domain management enhancements

To make it easier to maintain active validation for domains in your account, we added new filters, response fields, and a new endpoint to our domain management APIs. With these updates, you can:

  • Find domains with OV and EV validation reuse periods that are expired or expiring soon.
  • Find domains affected by the September 27, 2021 policy change to shorten OV domain validation reuse periods.*

Enhanced APIs: List domains and List subaccount domains

We made the following enhancements to the List domains and List subaccount domains endpoints:

  • Added validation filter values
    On September 27, 2021*, existing OV domain validation reuse periods will shorten to 397 days from the date validation was completed. For some domains, the reduced validation period will have already expired, or will expire before the end of 2021.

    To help you find these domains so you can resubmit them for validation, we added a new value for the validation filter: shortened_by_industry_changes. We also added filter values to help you find domains with OV or EV domain validation periods that expire in different timeframes. The new validation filter values include:
    • shortened_by_industry_changes
    • ov_expired_in_last_7_days
    • ov_expiring_within_7_days
    • ov_expiring_within_30_days
    • ov_expiring_from_31_to_60_days
    • ov_expiring_from_61_to_90_days
    • ev_expired_in_last_7_days
    • ev_expiring_within_7_days
    • ev_expiring_within_30_days
    • ev_expiring_from_31_to_60_days
    • ev_expiring_from_61_to_90_days
  • Added fields to the dcv_expiration object
    You can now submit a request that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string filters[include_validation_reuse_status]=true.
  • Added dcv_method filter
    We added the option to filter domains by domain control validation (DCV) method. To use this filter, append the query string filters[dcv_method]={{value}} to the request URL. Possible values are email, dns-cname-token, dns-txt-token, http-token, and http-token-static.

Enhanced API: Domain info
You can now submit a request to the Domain info endpoint that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string include_validation_reuse_status=true.


New API: Expiring domains count

We added a new endpoint that returns the number of domains in your account with expired or expiring OV or EV domain validations. For more information, see Expiring domains count.

*On September 27, 2021, the expiration date for existing OV domain validations will shorten to 397 days from the date validation was completed. Learn more about this policy change: Domain validation changes in 2021.

new

CertCentral Services API: Get orders by alternative order ID

We created a new endpoint to make it easier to get certificate order details using alternative order IDs: Get orders by alternative order ID. This endpoint returns the order ID, certificate ID, and order status of certificate orders with the alternative_order_id you provide in the URL path.

new

Upcoming Schedule Maintenance

On August 7, 2021, between 22:00 – 24:00 MDT (August 8, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

Verified Mark Certificates available now.

Verified Mark Certificates (VMCs) are a new type of certificate that allow companies to place a certified brand logo next to the “sender” field in customer inboxes—visible before the message is opened—acting as confirmation of your domain’s DMARC status and your organization’s authenticated identity. Learn more about VMC certificates.

To disable or change availability of VMC in your account, visit the Product Settings page.

Note: If you do not see VMCs in your account, it may be because we are not offering the product to all account types yet. It is also possible that the product is available, but one of your CertCentral account’s administrators turned the product off in Product Settings.

new

CertCentral Services API: Verified Mark Certificate enhancements

To help you manage your Verified Mark Certificate (VMC) orders in your API integrations, we’ve made the following updates to the CertCentral Services API.

New endpoints:

Updated endpoints:

  • Order info
    We updated the Order info endpoint to return a vmc object with the trademark country code, registration number, and logo information for VMC orders.
  • Email certificate
    We updated the Email certificate endpoint to support emailing a copy of your issued VMC.

To learn more about managing VMC certificates from your API integrations, visit Verified Mark Certificate workflow.

new

Upcoming schedule maintenance

On July 10, 2021, between 22:00 – 24:00 MDT (July 11, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

During maintenance, for approximately 60 minutes, the services specified below under Service downtime will be down. Due to the scope of the maintenance, the services specified below under Service interruptions may experience brief interruptions during a 10-minute window.

Service downtime

From 22:00 – 23:00 MDT (04:00 – 05:00 UTC), while we perform database-related maintenance, the following services will be down for up to 60 minutes:

  • CertCentral / Services API
  • Direct Cert Portal / API
  • ACME
  • Discovery / API
  • ACME agent automation / API

API Note: Affected APIs will return “cannot connect” errors. Certificate-related API requests that return a “cannot connect” error message during this window will need to be placed again after services are restored.

Service interruptions

During a 10-minute window, while we perform infrastructure maintenance, the following DigiCert service may experience brief service interruptions:

  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • DigiCert ONE
  • Automation service
  • CT Log monitoring
  • Vulnerability assessment
  • PCI compliance scans

Services not affected

These services are not affected by the maintenance activities:

  • PKI Platform 8
  • PKI Platform 7
  • QuoVadis TrustLink

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as the maintenance is completed.

new

Upcoming scheduled maintenance

On June 5, 2021, between 22:00 – 24:00 MDT (June 6, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

Upcoming scheduled maintenance

On May 1, 2021, between 22:00 – 24:00 MDT (May 2, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

For up to 10 minutes total during the 2-hour window, we will be unable to issue certificates for the DigiCert platforms, their corresponding APIs, immediate certificate issuance, and those using the APIs for other automated tasks.

Affected services:

  • CertCentral / Service API
  • ACME
  • ACME agent automation / API
  • Direct Cert Portal / API
  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • QuoVadis TrustLink

Services not affected

  • PKI Platform 8
  • PKI Platform 7
  • DigiCert ONE managers

API note:

  • APIs will return "cannot connect" errors.
  • Certificate requests submitted during this window that receive a "cannot connect" error message will need to be placed again after services are restored.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

CertCentral Services API: Site seal enhancements

To help you manage your site seals in your API integrations, we’ve made the following updates to the CertCentral Services API:

  • New endpoint: Upload site seal logo
    We added a new endpoint – Upload site seal logo – you can use to upload your company logo for use with a DigiCert Smart Seal. This logo appears in the site seal on your website. Note: Only Secure Site and Secure Site Pro SSL/TLS certificates support the option to display your company logo in the site seal.
  • New endpoint: Update site seal settings
    We added a new endpoint – Update site seal settings – you can use to change the appearance of your site seal and the information that displays on the site seal information page.
  • Updated endpoint: Get site seal settings
    We updated the Site seal settings endpoint to return information about each property you can customize with the Update site seal settings endpoint.

Related topics:

new

Upcoming scheduled maintenance

On April 3, 2021, between 22:00 – 24:00 MDT (April 4, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

During maintenance, for up to 10 minutes, we will be unable to issue certificates for the DigiCert platforms, their corresponding APIs, immediate certificate issuance, and those using the APIs for other automated tasks.

Affected services

For approximately 10 minutes, DigiCert will be unable to issue certificates for these services and APIs:

  • CertCentral / Service API
  • ACME
  • ACME agent automation / API
  • Direct Cert Portal / API
  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • QuoVadis TrustLink

Services not affected

These services are not affected by the maintenance activities:

  • PKI Platform 8 / API
  • PKI Platform 8 SCEP
  • PKI Platform 7 / API
  • PKI Platform 7 SCEP
  • DigiCert ONE managers

API note:

  • APIs will return "cannot connect" errors.
  • Certificate requests submitted during this window that receive a "cannot connect" error message will need to be placed again after services are restored.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

CertCentral: New purchase order and invoice system

We are happy to announce that we are using a new purchase order and invoice system in CertCentral. We've made several changes to make it easier for you to manage your purchase orders and invoices.

The next time you sign in to CertCentral, you will see two new menu options under Finances: Pay Invoice and Purchase Orders and Invoices. Additionally, we now send all invoice emails from our new invoice system.

Pay invoices page

When you open the Pay invoice page, all invoices are preselected by default. You can choose to pay them all or select those you want to pay.

Note: If you use divisions with separate funds, when you open the Pay invoice page, all invoices for the top-level division are selected by default. Use the For dropdown to view the unpaid invoices by division in your account.

Purchase orders and invoices page

On the new Purchase orders and invoices page, you can create a purchase order (PO). In the Purchaseorders table, you can view pending and rejected POs. After we approve a PO, it becomes an invoice and moves to the Invoices table.

Note: If you use divisions with separate funds, you see the Purchase order and invoice summary page. When you click a division name, it opens the Purchase order and invoices page, where you can view the POs and invoices for that division.

In the Invoices column of the Invoices table, you can see the invoice number and the PO from which we generated it. You can download a copy of the invoice or pay the invoice. When you click Pay invoice, we take you to the Pay invoice page to pay the invoice and make the funds available in your account.

Existing PO and Invoice migration

  • Autogenerated invoices
    When we migrated our billing system, we did not migrate your autogenerated invoices. At the end of March, we will autogenerate a new invoice for your total amount owed. However, you can make a payment on your account at any time on the Deposit Funds page (in the left main menu, go to Finances > Deposit Funds).
  • Invoices generated from approved purchase orders
    When we migrated your invoices to the new system, we gave them new invoice numbers. However, the associated purchase order number remains the same. If you have questions or trouble finding an invoice, please contact your account manager or DigiCert Accounts Receivable. Make sure to include your PO number and the original invoice number in the email.
enhancement

CertCentral Services API: View balance enhancements

To help you track financial data in your API integrations, we updated the View balance endpoint to return the following data:

  • unpaid_invoice_balance
    Unpaid invoice balance
  • negative_balance_limit
    Amount the balance can go into the negative
  • used_credit_from_other_containers
    Amount owed by other divisions in the account (for accounts with separate division funds enabled)
  • total_available_funds
    Total funds available for future purchases

Example response: 

Example response from the View balance endpoint

For more information, see the documentation for the View balance endpoint.

new

Upcoming scheduled maintenance

On March 6, 2021, between 22:00 – 24:00 MST (March 7, 2021, between 05:00 – 07:00 UTC), DigiCert will perform scheduled maintenance.

Although we have redundancies in place to protect your service, some DigiCert services may be unavailable during this time.

What can you do?

Please plan accordingly.

  • Schedule your high-priority orders, renewals, and reissues around the maintenance window.
  • To get live maintenance updates, subscribe to the DigiCert Status page. The subscription includes emails to let you know when maintenance starts and ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as the maintenance is completed.

new

Предстоящее плановое техническое обслуживание

6 февраля 2021 г. с 22:00 до 24:00 MST (07 февраля 2021 г. с 05:00 до 07:00 UTC, DigiCert будет проводить критически важное техническое обслуживание.

Во время обслуживания перечисленные ниже службы будут отключены приблизительно в течение 60 минут. Тем не менее, в связи с объемом выполняемых работ могут возникнуть дополнительные перерывы в работе служб в течение двух часов.

Вы не сможете авторизоваться на этих платформах и получить доступ к этим службам и API:

  • CertCentral / API служб
  • Direct Cert Portal / Direct Cert Portal API
  • Служба выпуска сертификатов (CIS)
  • Простой протокол регистрации сертификатов (SCEP)
  • Discovery / API
  • ACME
  • Автоматизация агентов ACME / API

DigiCert не сможет выдавать сертификаты для этих служб и API:

  • CertCentral / API служб
  • Direct Cert Portal / Direct Cert Portal API
  • Служба выпуска сертификатов (CIS)
  • Простой протокол регистрации сертификатов (SCEP)
  • Полная безопасность веб-сайтов (CWS) / API
  • Managed PKI для SSL (MSSL) / API
  • QV Trust Link

На работу этих служб не повлияет проведение технического обслуживания:

  • PKI Platform 8
  • PKI Platform 7
  • Менеджеры DigiCert ONE

Примечание по API:

  • Службы по обработке транзакций, связанных с сертификатами, будут недоступны, например, размещение запросов на сертификаты, добавление доменов и размещение запросов на подтверждение полномочий.
  • API-интерфейсы будут выдавать ошибки в связи с “невозможностью установления соединения”.
  • Запросы на сертификаты, размещаемые в течение данного периода, и в ответ на которые появляется сообщение об ошибке "Невозможно подключиться", необходимо будет разместить повторно после восстановления работы служб.

Что я могу сделать?

Планируйте свою деятельность соответствующим образом:

  • Не планируйте размещать заказы с высоким приоритетом, продления сроков действия или перевыпуск на этот период проведения технического обслуживания.
  • Учитывайте перерывы в работе, если вы используете API для мгновенного выпуска сертификатов и автоматизированных задач.
  • Подпишитесь на станицу Статус DigiCert для получения обновлений в реальном времени.
  • См. График обслуживания DigiCert на 2021 г. Для ознакомления с датами и временем проведения планового технического обслуживания.

Предоставление услуг будет восстановлено сразу после завершения обслуживания.

enhancement

CertCentral: Улучшенная страница «Организации»

Чтобы облегчить поиск ваших организаций на странице  «Организация», мы теперь выводим три новых раздела с информацией о каждой организации. Эта дополнительная информация может понадобиться, если у вас есть организации с похожими или одинаковыми названиями:

  • Идентификатор
  • Присвоенное наименование (если используется)
  • Адрес

На странице Организации появится столбец Орг. № с идентификатором организации. Под названиями будут отображаться также адреса организаций. А если вы используете присвоенное наименование организации, вы увидите его в скобках рядом с названием организации.

Примечание: Ранее для просмотра этой информации необходимо было щелкнуть по названию организации и открыть страницу сведений о ней.

Для ознакомления с дополнительной информацией об организациях в CertCentral см. раздел Управление организациями.

enhancement

CertCentral: Улучшен параметр добавления организации в формы запроса на сертификат OV/EV

Чтобы упростить процесс размещения заказа на сертификат TLS/SSL для организации в вашей учётная запись, мы обновили параметр  Добавить организацию  в формах запроса на сертификат OV и EV.

Для учётная запись, выпускающих сертификаты как минимум для 10 организаций, теперь отображаются три новых раздела с информацией об организации. Эта информация может понадобиться, если у вас есть организации с похожими или одинаковыми названиями:

  • Присвоенное наименование (если используется)
  • Идентификатор организации
  • Адрес

Мы также добавили возможность вводить название организации, которую вы ищете.

Убедитесь сами

В следующий раз, когда вы будете запрашивать сертификат OV или EV TLS/SSL, нажмите Добавить организацию. В раскрывающемся списке Организация, вы увидите следующую информацию об организации: название, присвоенное наименование (если используется), ID и адрес. Можно также ввести название организации.

enhancement

Страница заказов CertCentral: Новые параметры поиска

На странице «Заказы» мы добавили два новых параметра поиска:

  • Серийный номер сертификата
  • Дополнительные адреса электронной почты*

В следующий раз при поиске заказа используйте серийный номер сертификата или дополнительный адрес электронной почты, чтобы найти заказ на сертификат.

*Примечание: При размещении запроса на сертификат или после отправки запроса вы можете добавить адреса электронной почты в заказ на сертификат. Это позволяет другим лицам получать электронные письма с уведомлением о сертификате по данному заказу, например, электронные сообщения о выпуске сертификата.

Для использования новых фильтров поиска

  1. В левой части главного меню перейдите к Сертификаты > Заказы.
  2. На странице «Заказы» в поле Поиск, введите серийный номер сертификата или дополнительный адрес электронной почты в заказ.
  3. Нажмите Перейти.
new

CertCentral Services API: Новые конечные точки «Подробные данные заказа на единицы» и «Отменить заказ на единицы»

Мы рады сообщить о том, что добавили две новые конечные точки в CertCentral Services API: Подробные данные заказа на единицы и Отменить заказ на единицы.

Эти конечные точки позволяют получать информацию о заказе на единицы и отменять заказ на единицы.

Отмена заказа на единицы:

  • Можно отменить заказ только в течение тридцати дней с момента его размещения.
  • Нельзя отменить заказ на единицы, если с указанной в заказе субучётная запись были потрачены какие-либо единицы.

Если вы управляете субучётная запись, в который используются единицы в качестве метода оплаты, теперь вы можете использовать Services API для выполнения следующих задач:

enhancement

CertCentral Services API: Улучшены конечные точки «Список продуктов», «Ограничения для продуктов» и «Информация о продукте»

Чтобы упростить поиск сроков действия доступных заказов для цифровых сертификатов в вашей учётная запись, мы добавили новые параметры ответа в конечные точки «Список продуктов», «Ограничения для продуктов» и «Информация о продукте».

Эти новые параметры отклика позволяют просматривать заданные по умолчанию и настраиваемые ограничения срока действия заказов для каждого продукта в вашей учётная запись.

Конечная точка списка продуктов

Параметр allowed_order_validity_years отображает список поддерживаемых периодов действия заказов для каждого продукта в вашей учётная запись.

Конечная точка ограничений для продуктов

Параметр allowed_order_lifetimes отображает список настраиваемых ограничений срока действия заказов для пользователей с различными назначениями подразделений и ролей пользователей в вашей учётная запись.

Конечная точка информации о продукте

  • Параметр allowed_order_validity_years отображает список сроков действия заказа, доступных при запросе сертификата.
  • Параметр custom_order_expiration_date_allowed отображает булево значение, описывающее, можно ли задать настраиваемую дату истечения срока действия заказа при размещении запроса на сертификат.
enhancement

CertCentral Services API: Улучшена конечная точка «Информация о заказах субучётная запись»

Чтобы облегчить поиск информации о сроках действия распоряжений по заказам субучётная запись, мы добавили новые параметры ответа в конечную точку Информация о заказах субучётная запись. Эти новые параметры ответа позволяют просмотреть начальную дату заказа, конечную дату заказа, а также определить, подразумевает ли заказ план долгосрочного обслуживания.

  • Параметр is_multi_year_plan отображает "1", если заказ подразумевает план долгосрочного обслуживания.
  • Параметр order_valid_from отображает начальную дату периода действия заказа.
  • Параметр order_valid_till отображает конечную дату периода действия заказа.

Пример ответа с новыми параметрами

Subaccount order updates

new

CertCentral Services API: Обновите настройки уведомления о продлении срока действия

Мы добавили новую конечную точку в контракт CertCentral Services API: Обновите настройки уведомления о продлении срока действия. С помощью этой конечной точки можно включить или отключить уведомления о продлении срока действия заказа на сертификат. 

Для ознакомления с более подробной информацией изучите справочную информацию для этой конечной точки в документации Services API: