CertCentral: Improved Organizations page
To make it easier to find your organizations on the Organization page, we now display three new pieces of information about each organization. This additional information is helpful when you have organizations with similar or identical names:
On the Organizations page, you will now see an Org # column with the organization's ID. You will also see the organization addresses displayed below the names. And, if you use the organization's assumed name, you will see it in parentheses next to the organization name.
Note: Previously, the only way to view this information was to click the organization name and open the organization's details page.
For more information about organizations in CertCentral, see Manage organizations.
CertCentral: Improved add organization option on OV/EV certificate request forms
To make it easier to order a TLS/SSL certificate for an organization in your account, we updated the Add organization option in the OV and EV certificate request forms.
For accounts that issue certificates for 10 or more organizations, we now display three new pieces of organization information. This information is helpful when you have organizations with similar or identical names:
We also added the ability to type the name of the organization you are searching for.
See for yourself
The next time you request an OV or EV TLS/SSL certificate, click Add organization. In the Organization dropdown, you will see the following organization information: name, assumed name (if used), ID, and address. You can also type the organization name.
CertCentral Services API: Improved Domain emails endpoint
To make it easier to find the DNS TXT email addresses that receive validation emails from DigiCert for email-based domain control validation (DCV), we added a new response parameter to the Domain emails endpoint:
dns_txt_emails parameter returns a list of email addresses found in the DNS TXT record for the domain. These are the email addresses we find in the DNS TXT record on the
_validation-contactemail subdomain of the domain being validated.
Example response with new parameter:
To learn more about the newly supported email to DNS TXT contact DCV method:
For information about validating the domains on DV certificate orders:
For information about validating the domains on OV/EV certificate orders:
CertCentral: Email to DNS TXT contact DCV method
We are happy to announce that DigiCert now supports sending an email to a DNS TXT contact for email-based domain control validation (DCV). This means you can add email addresses to the DNS TXT record for your domain. DigiCert automatically searches the DNS TXT records and sends the DCV email to those addresses. An email recipient needs to follow the instructions in the email to demonstrate control over the domain.
Note: Previously, DigiCert only sent DCV emails to WHOIS-based and constructed email addresses.
Contact information is becoming increasingly inaccessible in WHOIS records due to privacy policies and other constraints. With the passing of Ballot SC13, the Certificate Authority/Browser (CA/B) forum added Email to DNS TXT contact to the list of supported DCV methods.
DNS TXT record email contacts
To use email to Email to DNS TXT contact DCV method, you must place the DNS TXT record on the _validation-contactemail subdomain of the domain you want to validate. DigiCert automatically searches WHOIS and DNS TXT records and sends the DCV email to the addresses found in those records.
_validation-contactemail.example.com | Default | email@example.com
The RDATA value of this text record must be a valid email address. See section B.2.1 DNS TXT Record Email Contact in the Appendix of the baseline requirements.
For more information about Ballot SC13, the CA/Browser forum, and the email to DNS TXT contact DCV method:
CertCentral Services API: Added DCV tokens for new domains to response data for OV and EV certificate orders
We've updated the endpoints for ordering public OV and EV SSL certificates to return the domain control validation (DCV) request tokens for new domains on the order.
Now, when you request an OV or EV certificate, you no longer have to issue separate requests to get the DCV request tokens for the new domains on the order. Instead, you can get the tokens directly from the response data for the order request.
Example response data:
dcv_token object is not returned for domains that will be validated under the scope of another domain on the order, for domains that already exist in your account, or for subdomains of existing domains.
This update applies to the following endpoints:
ICA certificate chain selection for public OV and EV flex certificates
We are happy to announce that public OV and EV certificates with flex capabilities now support Intermediate CA certificate chain selection.
You can add an option to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues your public OV and EV "flex" certificates.
This option allows you to:
Configure ICA certificate chain selection
To enable ICA selection for your account, contact your account manager or our Support team. Then, in your CertCentral account, on the Product Settings page (in the left main menu, go to Settings > Product Settings), configure the default and allowed intermediates for each type of OV and EV flex certificate.
For more information and step-by-step instructions, see ICA certificate chain option for public OV and EV flex certificates.
DigiCert Services API support for ICA certificate chain selection
In the DigiCert Services API, we made the following updates to support ICA selection in your API integrations:
ca_cert_idparameter in the body of your order request
Example flex certificate request:
For more information about using ICA selection in your API integrations, see OV/EV certificate lifecycle – (Optional) ICA selection.
CertCentral: Automatic DCV checks – DCV polling
We are happy to announce we've improved the domain control validation (DCV) process and added automatic checks for DNS TXT, DNS CNAME, and HTTP practical demonstration (FileAuth) DCV methods.
This means, once you've placed the fileauth.txt file on your domain or added the random value to your DNS TXT or DNS CNAME records, you don't need to worry about signing in to CertCentral to run the check yourself. We will run the DCV check automatically. Although, you can still run a manual check, when needed.
DCV polling cadence
After submitting your public SSL/TLS certificate order, submitting a domain for prevalidation, or changing the DCV method for a domain, DCV polling begins immediately and runs for one week.
*After Interval 5, we stop checking. If you have not placed the fileauth.txt file on your domain or added the random value to your DNS TXT or DNS CNAME records by the end of the first week, you will need to run the check yourself.
For more information about the supported DCV methods:
我们新增了一个证书配置文件选项“OCSP Must-Staple”，您可以在 OV 和 EV SSL/TLS 证书中包括 OCSP Must-Staple 扩展名。一旦为您的帐户启用后，在您的 SSL/TLS 证书请求单的其他证书选项下将显示在证书中包括 OCSP Must-Staple 扩展名选项。
注意：支持 OCSP Must-Staple 的浏览器可能会向访问您的网站的用户显示一条阻止消息。在安装证书前，请确保您的网站配置正确，能够可靠地服务于装订的 OCSP 响应。
如果为您的帐户启用，这些配置文件选项将显示在您的 SSL/TLS 证书请求表的附加证书选项下。
我们新增了一个证书配置文件选项“授予的凭证”，您可以在 OV 和 EV SSL/TLS 证书中包括 DelegationUsage 扩展名。一旦为您的帐户启用后，在您的 SSL/TLS 证书请求单的其他证书选项下将显示在证书中包括 DelegationUsage 扩展名选项。
如果为您的帐户启用，这些配置文件选项将显示在您的 SSL/TLS 证书请求表的附加证书选项下。
我们改进了 DigiCert 服务 API 请求端点，使证书请求可以更快地获得响应。
我们简化了 OV 证书订单（Standard SSL、Secure Site SSL 等）的添加联系人流程。现在，当您订购 OV 证书时，我们为您填充组织联系人卡。如果需要，您可以添加技术联系人。
我们简化了 EV 证书订单（EV SSL、Secure Site EV SSL 等）的添加联系人流程。现在，当您订购 EV 证书时，如果在您的帐户中有可用的已验证的 EV 联系人信息，我们将为您填充已验证的联系人卡。如果需要，您可以添加组织和技术联系人。