筛选方式: DCV x 清除

三月 10, 2022

Services API DCV CertCentral New CNAME DV Certificates domain control validation
new

CertCentral: DNS CNAME DCV method now available for DV certificate orders

In CertCentral and the CertCentral Services API, you can now use the DNS CNAME domain control validation (DCV) method to validate the domains on your DV certificate order.

Note: Before, you could only use the DNS CNAME DCV method to validate the domains on OV and EV certificate orders and when prevalidating domains.

To use the DNS CNAME DCV method on your DV certificate order:

  • In CertCentral:
    • When ordering a DV TLS certificate, you can select DNS CNAME as the DCV method.
    • On the DV TLS certificate's order details page, you can change the DCV method to DNS CNAME Record.
  • In the Services API:
    • When requesting a DV TLS certificate, set the value of the dcv_method request parameter to dns‑cname‑token.

Note: The AuthKey process for generating request tokens for immediate DV certificate issuance does not support the DNS CNAME DCV method. However, you can use the File Auth (http‑token) and DNS TXT (dns‑txt‑token) DCV methods. To learn more, visit DV certificate immediate issuance.

To learn more about using the DNS CNAME DCV method:

三月 8, 2022

domains Services API DCV pre-validation
enhancement

CertCentral Services API: Improved List domains endpoint response

To make it easier to find information about the domain control validation (DCV) status for domains in your CertCentral account, we added these response parameters to domain objects in the List domains API response:

  • dcv_approval_datetime: Completion date and time of the most recent DCV check for the domain.
  • last_submitted_datetime: Date and time the domain was last submitted for validation.

For more information, see the reference documentation for the List domains endpoint.

十一月 16, 2021

File api OV SSL certificates DCV CertCentral domain validation DV SSL certificates http token HTTP Practical Demonstration EV SSL certificates tls certificates FileAuth Services API SSL certificates domain control validation wildcard domains http auth SC45 domain prevalidation file-based DCV
compliance

Industry changes to file-based DCV (HTTP Practical Demonstration, file auth, file, HTTP token, and HTTP auth)

To comply with new industry standards for the file-based domain control validation (DCV) method, you can only use the file-based DCV to demonstrate control over fully qualified domain names (FQDNs), exactly as named.

To learn more about the industry change, see Domain validation policy changes in 2021.

How does this affect me?

As of November 16, 2021, you must use one of the other supported DCV methods, such as Email, DNS TXT, and CNAME, to:

  • Validate wildcard domains (*.example.com)
  • To include subdomains in the domain validation when validating the higher-level domain. For example, if you want to cover www.example.com, when you validate the higher-level domain, example.com.
  • Prevalidate entire domains and subdomains.

To learn more about the supported DCV method for DV, OV, and EV certificate requests:

compliance

CertCentral: Pending certificate requests and domain prevalidation using file-based DCV

Pending certificate request

If you have a pending certificate request with incomplete file-based DCV checks, you may need to switch DCV methods* or use the file-based DCV method to demonstrate control over every fully qualified domain name, exactly as named, on the request.

*Note: For certificate requests with incomplete file-based DCV checks for wildcard domains, you must use a different DCV method.

To learn more about the supported DCV methods for DV, OV, and EV certificate requests:

Domain prevalidation

If you plan to use the file-based DCV method to prevalidate an entire domain or entire subdomain, you must use a different DCV method.

To learn more about the supported DCV methods for domain prevalidation, see Supported domain control validation (DCV) methods for domain prevalidation.

compliance

CertCentral Services API

If you use the CertCentral Services API to order certificates or submit domains for prevalidation using file-based DCV (http-token), this change may affect your API integrations. To learn more, visit File-based domain control validation (http-token).

九月 8, 2021

DCV expiration dates OV validation list domains domain info DCV CertCentral domain validation API filters list subaccount domains expiring domains count Services API
enhancement

CertCentral Services API: Domain management enhancements

To make it easier to maintain active validation for domains in your account, we added new filters, response fields, and a new endpoint to our domain management APIs. With these updates, you can:

  • Find domains with OV and EV validation reuse periods that are expired or expiring soon.
  • Find domains affected by the September 27, 2021 policy change to shorten OV domain validation reuse periods.*

Enhanced APIs: List domains and List subaccount domains

We made the following enhancements to the List domains and List subaccount domains endpoints:

  • Added validation filter values
    On September 27, 2021*, existing OV domain validation reuse periods will shorten to 397 days from the date validation was completed. For some domains, the reduced validation period will have already expired, or will expire before the end of 2021.

    To help you find these domains so you can resubmit them for validation, we added a new value for the validation filter: shortened_by_industry_changes. We also added filter values to help you find domains with OV or EV domain validation periods that expire in different timeframes. The new validation filter values include:
    • shortened_by_industry_changes
    • ov_expired_in_last_7_days
    • ov_expiring_within_7_days
    • ov_expiring_within_30_days
    • ov_expiring_from_31_to_60_days
    • ov_expiring_from_61_to_90_days
    • ev_expired_in_last_7_days
    • ev_expiring_within_7_days
    • ev_expiring_within_30_days
    • ev_expiring_from_31_to_60_days
    • ev_expiring_from_61_to_90_days
  • Added fields to the dcv_expiration object
    You can now submit a request that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string filters[include_validation_reuse_status]=true.
  • Added dcv_method filter
    We added the option to filter domains by domain control validation (DCV) method. To use this filter, append the query string filters[dcv_method]={{value}} to the request URL. Possible values are email, dns-cname-token, dns-txt-token, http-token, and http-token-static.

Enhanced API: Domain info
You can now submit a request to the Domain info endpoint that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string include_validation_reuse_status=true.

New API: Expiring domains count

We added a new endpoint that returns the number of domains in your account with expired or expiring OV or EV domain validations. For more information, see Expiring domains count.

*On September 27, 2021, the expiration date for existing OV domain validations will shorten to 397 days from the date validation was completed. Learn more about this policy change: Domain validation changes in 2021.

七月 22, 2020

documentation api TLS 1.0 TLS 1.1 browsers DCV certcentral compliance Services API DV certificate issuance error messages CertCentral Partners Multi-year plan MyP
new

现在已推出多年计划

我们很高兴宣布,CertCentral 和 CertCentral 合作伙伴现已推出多年计划。

购买 DigiCert® 多年计划,您只需支付一次优惠价就能享用长达六年的 SSL/TLS 证书保障。在多年计划中,您选择 SSL/TLS 证书、证书的保障期限(最多六年)以及证书有效期。在计划到期前,每次在有效期满时,都可以免费补发证书。

从 2020 年 9 月 1 日开始,SSL/TLS 证书的最长有效期将从 825 天缩短为 397 天。当有效的多年计划证书即将到期时,可以补发证书以维持 SSL/TLS 保障。

compliance

浏览器支持终止 TLS 1.0 和 1.1

四大浏览器将终止支持传输层安全性 (TLS) 1.0 和 1.1。

须知事项

此更改不影响您的 DigiCert 证书。您的证书将仍然像以前一样工作。

此更改影响依赖于 TLS 1.0 或 1.1 的浏览器依赖性服务和应用程序。一旦浏览器终止支持 TLS 1.0 或 1.1,这些过时的系统将无法建立 HTTPS 连接。

所需操作

如果您受此更改的影响,且您的系统支持更新版本的 TLS 协议,请尽快将服务器配置升级到 TLS 1.2 或 TLS 1.3。

如果不升级到 TLS 1.2 或 1.3,您的网络服务器、系统或代理将无法使用 HTTPS 与证书建立安全通信。

浏览器 TLS 1.0/1.1 弃用信息

Firefox 78,2020 年 6 月 30 日发布

Safari 13.1,2020 年 3 月 24 日发布

Chrome 84,2020 年 7 月 21 日发布

Edge v84,2020 年 7 月 16 日发布

有用资源

由于有许多特殊的系统依赖于 TLS,因此我们无法涵盖所有升级路径,但下面提供了一些可能有用的参考资源:

enhancement

CertCentral 服务 API:更新了错误消息文档

在服务 API 文档中,我们更新了错误 页面,其中包含下面相关的错误描述:

  • 立即颁发 DV 证书
  • 域控制验证 (DCV)
  • 证书颁发机构 (CAA) 资源记录检查

今年早些时候,我们改进了面向 DV 证书订单和 DCV 请求的 API,当 DCV、文件授权、DNS 查找或 CAA 资源记录检查失败时提供更加详细的错误消息。现在,当您收到其中一条错误消息时,请检查错误页面以获取更多疑难解答信息。

有关更多信息

七月 31, 2019

DCV IPv4 IP addresses HTTP Practical Demonstration IPv6 compliance
compliance

行业标准变更

从 2019 年 7 月 31 日 (19:30 UTC) 开始,您必须使用 HTTP 实用演示 DCV 方法演示对证书订单上的 IP 地址的控制权。

有关 HTTP 实用演示 DCV 方法的更多信息,请参阅这些说明:

行业标准过去允许使用其他 DCV 方法证明对 IP 地址的控制权。但是,随着投票 SC7 的通过,IP 地址验证法规已更改。

投票 SC7:更新 IP 地址验证方法

该投票重新定义了验证客户对证书中所列 IP 地址控制权的允许流程和程序。投票 SC7 合规性更改从 2019 年 7 月 31 日 (19:30 UTC) 开始生效。

为了保持合规,从 2019 年 7 月 31 日 (19:30 UTC) 开始,DigiCert 仅允许客户使用 HTTP 实用演示 DCV 方法验证 IP 地址。

移除对 IPv6 的支持

从 2019 年 7 月 31 日 (19:30 UTC) 开始,DigiCert 移除了对 IPv6 地址证书的支持。由于服务器限制,DigiCert 无法连接到 IPv6 地址以验证在客户的 HTTP 实用演示 DCV 方法网站上放置的文件。

一月 10, 2019

certificate DCV certcentral-ui bug fix
fix

我们修复了在您对证书订单上的域完成验证后,SSL/TLS 证书订单编号详细信息页面和订单详情面板不显示已完成域控制验证的错误。

注意:该错误不会妨碍在您完成域控制验证后颁发您的证书订单。

现在,当您对订单上的域完成域控制验证后,该订单的订单编号详细信息页面和订单详情面板显示已完成域验证。

(在侧栏菜单中,单击证书 > 订单。在证书订单的订单页面的订单编号列,单击订单编号或快速查看链接。

简介

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.