筛选方式: DV SSL certificates x 清除
enhancement

CertCentral Services API: Auto-reissue support for Multi-year Plans

We are happy to announce that the CertCentral Services API now supports automatic certificate reissue requests (auto-reissue) for Multi-year Plans. The auto-reissue feature makes it easier to maintain SSL/TLS coverage on your Multi-year Plans.

You can enable auto-reissue for individual orders in your CertCentral account. When auto-reissue is enabled, we automatically create and submit a certificate reissue request 30 days before the most recently issued certificate on the order expires.

Enable auto-reissue for a new order

To give you control over the auto-reissue setting for new Multi-year Plans, we added a new request parameter to the endpoints for ordering DV, OV, and EV TLS/SSL certificates: auto_reissue.

By default, auto-reissue is disabled for all orders. To enable auto-reissue when you request a new Multi-year Plan, set the value of the auto_reissue parameter to 1 in the body of your request.

Example request body:

Example order request body with auto reissue enabled

Note: In new order requests, we ignore the auto_reissue parameter if:

  • The product does not support Multi-year Plans.
  • Multi-year Plans are disabled for the account.

Update auto-reissue setting for existing orders

To give you control over the auto-reissue setting for existing Multi-year Plans, we added a new endpoint: Update auto-reissue settings. Use this endpoint to enable or disable the auto-reissue setting for an order.

Get auto-reissue setting for an existing order

To help you track the auto-reissue setting for existing certificate orders, we added a new response parameter to the Order info endpoint: auto_reissue. The auto_reissue parameter returns the current auto-reissue setting for the order.

new

ICA certificate chain selection for public DV flex certificates

We are happy to announce that select public DV certificates now support Intermediate CA certificate chain selection:

  • GeoTrust DV SSL
  • Thawte SSL 123 DV
  • RapidSSL Standard DV
  • RapidSSL Wildcard DV
  • Encryption Everywhere DV

You can add a feature to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues the end-entity certificate when you order these public DV products.

This feature allows you to:

  • Set the default ICA certificate chain for each supported public DV certificate.
  • Control which ICA certificate chains certificate requestors can use to issue their DV certificate.

Configure ICA certificate chain selection

To enable ICA selection for your account:

  1. Contact your account manager or our Support team.
  2. Then, in your CertCentral account, in the left main menu, go to Settings > Product Settings.
  3. On the Product Settings page, configure the default and allowed intermediates for each supported and available DV certificate.

For more information and step-by-step instructions, see the Configure the ICA certificate chain feature for your public TLS certificates.

new

DigiCert Services API: DV certificate support for ICA certificate chain selection

In the DigiCert Services API, we made the following updates to support ICA selection in your DV certificate order requests:

Pass in the issuing ICA certificate's ID as the value for the ca_cert_id parameter in your order request's body.

Example DV certificate request:

Example DV TLS certificate request

For more information about using ICA selection in your API integrations, see DV certificate lifecycle – Optional ICA selection.

new

CertCentral 服务 API:文档更新

我们在 DV 证书订单的 CertCentral 服务 API 文档中新增了一个请求参数:use_auth_key. 在具有现有 AuthKey 的帐户中,该参数允许您在提交 DV 证书订单时选择是否检查 DNS 记录中的 AuthKey 请求令牌。

默认情况下,如果您的帐户存在 AuthKey,则在订购 DV 证书之前,必须在 DNS 记录中添加 AuthKey 请求令牌。AuthKey 请求令牌可用于颁发中间证书,减少证书生命周期管理所需的时间。但是,您有时可能需要使用电子邮件验证或 DigiCert 生成的令牌确认对域的控制权。在这些情况下,use_auth_key参数允许您禁止在订单级别检查 AuthKey 请求令牌,因此您可以使用其他方法证明对域的控制权。有关域控制验证 (DCV) 的更多信息,请参阅域控制验证 (DCV) 方法

如需对 DV 证书订单禁用 AuthKey 验证方法,请在请求的 JSON 有效负载中包括use_auth_key参数。例如:

use_auth_key sample

以下端点支持use_auth_key参数:

有关使用 AuthKey 立即颁发 DV 证书的信息,请参阅立即颁发 DV 证书

注意:对于 Encryption Everywhere DV 证书,在请求中忽略use_auth_key参数。请求 Encryption Everywhere DV 证书均要求提供 AuthKey 请求令牌进行 DCV 检查。而且,OV 和 EV SSL 产品不支持use_auth_key请求参数。

enhancement

CertCentral:自动 DCV 检查 - DCV 轮询

我们很高兴宣布,我们改进了域控制验证 (DCV) 流程,并针对 DNS TXT、DNS CNAME 和 HTTP 实用演示 (FileAuth) DCV 方法新增了自动检查。

这意味着,将 fileauth.txt 文件放置在域上或在 DNS TXT 或 DNS CNAME 记录中添加随机值后,您无需登录 CertCentral 自行进行检查。我们将自动运行 DCV 检查。但是,如有需要,您仍然可以手动进行检查。

DCV 轮询频率

提交公共 SSL/TLS 证书订单、提交域进行预验证或更改域的 DCV 方法后,将立即启动 DCV 轮询并运行一周。

  • 间隔 1 - 前 15 分钟每分钟一次
  • 间隔 2 - 每 5 分钟一次,持续 1 小时
  • 间隔 3 - 每 15 分钟一次,持续 4 小时
  • 间隔 4 - 每小时一次,持续 1 天
  • 间隔 5 - 每 4 小时一次,持续 1 周*

*间隔 5 结束后停止检查。如果在第一周结束后还未将 fileauth.txt 文件放置在域上或在 DNS TXT 或 DNS CNAME 记录中添加随机值,则需要您自行进行检查。

有关支持的 DCV 方法的更多信息: