筛选方式: DV Certificates x 清除
enhancement

CertCentral Services API: Improved Revoke order certificates and Revoke certificate endpoints

In the DigiCert Services API, we updated the Revoke order certificates and Revoke certificate endpoints, enabling you to skip the approval step when revoking a certificate.

Note: Previously, the approval step was required and could not be skipped.

We added a new optional parameter, "skip_approval": true, that allows you to skip the approval step when submitting a request to revoke one certificate or all certificates on an order.

Note: For skip approvals to work for certificate revoke requests, the API key must have admin privileges. See Authentication.

Now, on your revoke certificate and revoke order certificate requests, you can skip the approval step and immediately submit the request to DigiCert for certificate revocation.

Example request for the revoke certificate and revoke order certificates endpoints

Example revoke certificate request with skip_approval parameter

fix

Bug fix: DV certificate issuance emails did not respect certificate format settings

We fixed a bug in the DV certificate issuance process where the Your certificate for your-domain email notification did not deliver the certificate in the format specified in your account settings.

Note: Previously, we included a certificate download link in all DV certificate issued email notifications.

Now, when we issue your DV certificate order, the email delivers the certificate in the format specified in your account's Certificate Format settings.

Configure certificate format for certificate issuance emails

In the left main menu, go to Settings > Preferences. On the Division Preferences page, expand Advance Settings. In the Certificate Format section, select the certificate format: attachment, plain text, or download link. Click Save Settings.

new

Discovery now available in all CertCentral accounts

We are happy to announce that all existing CertCentral accounts now include Discovery, our newest and most robust certificate discovery tool.

Note: For those who were using Certificate Inspector, Discovery replaces our long time DigiCert tool, Certificate Inspector.

By default, Discovery includes Cloud scan and a Sensor scan trial with a 100-certificate limit.

Cloud scan

Cloud scan uses a cloud-based sensor, so there is nothing to install or manage. You can start scanning immediately to find all your public facing SSL/TLS certificates regardless of issuing Certificate Authority (CA). Cloud-scan runs once every 24 hours.

Sensor scan

Sensor scan is our most robust version of Discovery. It uses sensors to scan your network to quickly find all your internal and public facing SSL/TLS certificates regardless of the issuing Certificate Authority (CA). Discovery also identifies problems in certificate configurations and implementations along with certificate-related vulnerabilities or problems in your endpoint configurations.

Scans are centrally configured and managed from inside your CertCentral account. Scan results are displayed in an intuitive and interactive dashboard inside CertCentral. Configure scans to run once or multiple times on a set schedule.

  • To learn how to install a sensor and start scanning your SSL/TLS certificate landscape, see Discovery user guide.
  • To continue to use Sensor scan after the trial period is over, please contact your account manager or our Support team.
new

Discovery audit logs

Discovery has added a new feature—Discovery Audit Logs—allowing you to track Discovery-related activities in your CertCentral account. These audit logs provide insight into user activity enabling you to see areas where training may be required, reconstruct events to troubleshoot problems, detect misuse, and discover problem areas.

To make it easier to sort through the information in the Discover audit logs, we've include several filters:

  • Date range
  • Division
  • User
  • IP Address
  • Actions
    (e.g., void sensor, delete scan, etc.)

To access the Discovery Audit Log, in your CertCentral account, in the left main menu, go to Account > Audit Logs. On the Audit Logs page, click Discovery Audit Logs.

new

Discovery language support

As we work to globalize our product offerings and make our websites, platforms, and documentation more accessible, we are happy to announce that we've added language support to Discovery in CertCentral.

Now, when configuring your language preference in CertCentral, Discovery is included in the configuration.

To configure your language preference

In your account, in the top right corner, in the "your name" drop-down list, select My Profile. On the Profile Settings page, in the Language dropdown, select a language and click Save Changes.

See CertCentral language preferences.

fix

Bug fix: DV certificate orders did not honor Submit base domains for validation account setting

We fixed a bug in the DV certificate domain control validation (DCV) process where DV certificate orders did not adhere to the Submit base domains for validation account setting.

Note: For DV certificate orders, you were required to validate the domain exactly as named in the order.

Now, DV certificate orders honor the Submit base domains for validation account setting, allowing you to validate your subdomains at the base domain level on your DV certificate orders.

To view the Domain Validation Scope settings in your account, go to Settings > Preferences. On the Division preferences page, expand +Advanced Settings. The Domain Validation Scope settings are in the Domain Control Validation (DCV) section.

fix

Bug fix: DV certificate not attached to email notification

We fixed a bug in the DV certificate issuance process where we weren't attaching a copy of the DV certificate to the Your certificate for your-domain email notification. As a temporary fix to this issue, we now include a certificate download link in the DV certificate email notification.

Note: After DigiCert issues a certificate, it is immediately available in your CertCentral account.

To use the download link in the email, you must have access to the CertCentral account and have permissions to access the certificate order.

If an email recipient doesn't have access to the account or to the certificate order, you can email them a copy of the DV certificate from your CertCentral account. See our instructions for how to email a DV certificate from your CertCentral account.

enhancement

Legacy partner account upgrades to CertCentral

In the DigiCert Service API, we updated the—DigiCert order ID—to make it easier to find the corresponding DigiCert order IDs for your migrated legacy GeoTrust TLS/SSL certificate orders.

Now, you can use the GeoTrust order ID* to access the DigiCert order ID for your GeoTrust certificate orders. Additionally, when using the GeoTrust order ID, we return the most current DigiCert certificate order ID.

*Note: In the legacy partner accounts, you only have access to the GeoTrust order ID for your GeoTrust TLS/SSL certificate orders.

Background

After you migrate your active, public SSL/TLS certificate orders to your new account, we assign a unique DigiCert order ID to each migrated legacy SSL/TLS certificate order.

For more information:

fix

我们修复了 DV 证书补发错误,以前对于还剩一年以上时间才到期的证书,我们不会保留原始证书订单上的到期日期。

现在,当您补发还剩一年以上时间才到期的 DV 证书时,补发的证书将保留原始证书上的到期日期。

enhancement

在 DigiCert 服务 API 中,我们改进了 DV 证书请求端点,您可以更准确地使用新的 email_domain 字段以及现有的 email 字段设定域控制验证 (DCV) 电子邮件的目标接收人。

例如,为 my.example.com 订购证书时,您可以要求基域 (example.com) 的域所有者验证子域。要更改 DV 电子邮件的接收人,请在您的 DV 证书请求中添加 dcv_emails 参数。然后添加 email_domain 字段指定基域 (example.com),添加 email 字段指定所需 DCV 电子邮件接收人的电子邮件地址 (admin@example.com)。

GeoTrust Standard DV 证书请求示例

DV 证书端点:

enhancement

我们改进了 DV 证书。您现在可以续订 DV 证书订单,而保留原来的订单编号。

以前,当 DV 证书订单临近到期日期时,您必须为即将到期的订单上的域订购新证书。

注意:DV 证书不支持域预验证。续订 DV 证书时,您必须证明对续订订单上的域的控制权。

DV 证书注册指南中,请参阅续订 DV 证书

enhancement

我们已将 CertCentral DV 证书注册指南移动到了 https://docs.digicert.com/certcentral/documentation/dv-certificate-enrollment/

该指南的 PDF 版本仍然可用(请参阅引言页面底部的链接)。

此外,我们更新并添加了说明以介绍在 CertCentral 中支持的 DV 证书的 DCV 方法。

  • 新增了域控制验证 (DCV) 说明
    • 使用电子邮件 DCV 方法
    • 使用 DNS TXT DCV 方法
    • 使用文件 DCV 方法
    • 文件 DCV 方法常见错误
  • 更新了订购 DV 证书说明
    • 订购 RapidSSL Standard DV 证书
    • 订购 RapidSSL Wildcard DV 证书
    • 订购 GeoTrust Standard DV 证书
    • 订购 GeoTrust Wildcard DV 证书
    • 订购 GeoTrust Cloud DV 证书
  • 更新了补发 DV 证书说明
    • 补发 RapidSSL Standard DV 证书
    • 补发 RapidSSL Wildcard DV 证书
    • 补发 GeoTrust Standard DV 证书
    • 补发 GeoTrust Wildcard DV 证书
    • 补发 GeoTrust Cloud DV 证书
new

我们向 DV 证书订单补发页面新增了两个域控制验证 (DCV) 方法:DNS TXT 和文件。

注意:以前(除非您使用 DigiCert 服务 API),您只能使用电子邮件 DCV 方法证明对您的 DV 证书订单上的域的控制权。

现在,当您订购补发 DV 证书时,您可以选择 DNS TXT、文件或电子邮件作为 DCV 方法以完成该订单的域验证。

new

我们在 DV 证书订单编号详细信息页面上新增了证明对域的控制权功能。

以前,您无法在 DV 证书订单编号详细信息页面上执行任何操作以完成域验证。

现在,您可以执行更多操作以完成该订单的域验证:

  • 使用 DNS TXT、电子邮件和文件 DCV 方法
  • 重新发送/发送 DCV 电子邮件并选择收件人的电子邮件地址
  • 验证域的 DNS TXT 记录
  • 验证域的 fileauth.txt 文件
  • 选择与在订购证书时所选的 DCV 方法不同的 DCV 方法

(在侧栏菜单中,单击证书 > 订单。在 DV 证书订单的订单页面的订单编号列,单击订单编号。)

enhancement

我们改进了 DV 证书的证书编号详细信息页面的证书详细信息部分,添加了额外的 DV 证书信息:序列号拇指指纹

注意:该改进功能不可追溯。该新信息仅对在 2019 年 1 月 15 日 UTC 时间 17:00 之后下达的订单显示。

(在侧栏菜单中,单击证书 > 订单。在 DV 证书订单的订单页面的订单编号列,单击订单编号。)

enhancement

我们改进了获取订单详细信息端点,可以在响应中返回 DV 证书的拇指指纹和序列号。

{
"id":"12345",
"证书":{
"id":123456,
"拇指指纹":"{{拇指指纹}}",
"serial_number":"{{serial_number}}
...
}

注意:该改进功能不可追溯。仅对在 2019 年 1 月 15 日 UTC 时间 17:00 之后下达的订单返回拇指指纹和序列号。

有关更多信息,请参阅 DigiCert 服务 CertCentral API 文件中的获取订单详细信息端点。

enhancement

我们改进了 RapidSSL DV 证书组合,您可以在这些单域证书中包括第二个特定域。

  • RapidSSL Standard DV
    现在在订购 RapidSSL Standard DV 证书时,您将默认获得证书中的两个公用名版本 -[your-domain].com 和 www.[your-domain].com。
    输入公用名后,确保选中在证书中同时包括 www.[your-domain].com 和[your-domain].com 框。
    以前,您必须分别订购单独的证书:[your-domain].com 和 www.[your-domain].com。
  • RapidSSL Wildcard DV
    现在在订购 RapidSSL Wildcard DV 证书时,您将默认获得证书中的通配符域和基域 - *.[your-domain].com 和[your-domain].com。
    输入公用名后,确保选中在证书中同时包括 *.[your-domain].com 和[your-domain].com 框。
    以前,您必须分别订购单独的证书:*.[your-domain].com 和[your-domain].com。

请参阅 CertCentral:DV 证书注册指南

enhancement

我们改进了 RapidSSL 证书端点以包括 dns_names 参数,您可以在这些单域证书中包括第二个特定域。

  • RapidSSL Standard DV
    现在在订购 RapidSSL Standard DV 证书时,您可以在证书中包括两个域版本 -[your-domain].com 和 www.[your-domain].com。
    "common_name": "[your-domain].com",
    "dns_names":["www.[your-domain].com"],

    以前,您必须订购单独的证书:[your-domain].com 和 www.[your-domain].com。
  • RapidSSL Wildcard DV
    现在在订购 RapidSSL Wildcard DV 证书时,您可以在证书中包括基域 - *.[your-domain].com 和[your-domain].com)。
    "common_name": "*.your-domain.com",
    "dns_names":["[your-domain].com"],

    以前,您必须订购单独的证书:*.[your-domain].com 和[your-domain].com。

有关 DigiCert 服务 API 文件,请参阅 CertCentral API

new

个人文档签名证书在 CertCentral 中可用:

  • 文档签名 - 个人 (500)
  • 文档签名 - 个人 (2000)

要对您的 CertCentral 帐户启用个人文档签名证书,请联系您的销售代表。

以前只提供组织文档签名证书。

  • 文档签名 - 组织 (2000)
  • 文档签名 - 组织 (5000)

欲了解有关这些证书的更多信息,请参阅文档签名证书

enhancement

我们改进了订单页面上的订单报告功能(在侧栏菜单中,单击证书 > 订单)。现在,当您运行报告时(单击订单报告),它将包括您的 DV SSL 证书订单。

new

RapidSSL 和 GeoTrust DV 证书在 CertCentral 中可用:

  • RapidSSL Standard DV
  • RapidSSL Wildcard DV
  • GeoTrust Standard DV
  • GeoTrust Wildcard DV

文档