CertCentral: DigiCert KeyGen, our new key generation service
DigiCert is happy to announce our new key generation service—KeyGen. Use KeyGen to generate and install your client and code signing certificates from your browser. KeyGen can be used on macOS and Windows and is supported by all major browsers.
With KeyGen, you don't need to generate a CSR to order your client and code signing certificates. Place your order without a CSR. Then after we process the order and your certificate is ready, DigiCert sends a "Generate your Certificate" email with instructions on using KeyGen to get your certificate.
How does KeyGen work?
KeyGen generates a keypair and then uses the public key to create a certificate signing request (CSR). KeyGen sends the CSR to DigiCert, and DigiCert sends the certificate back to KeyGen. Then KeyGen downloads a PKCS12 (.p12) file to your desktop that contains the certificate and the private key. The password you create during the certificate generation process protects the PKCS12 file. When you use the password to open the certificate file, the certificate gets installed in your personal certificate store.
To learn more about generating client and code signing certificates from your browser, see the following instructions:
Verified Mark Certificates (VMC): Three new approved trademark offices
We are happy to announce that DigiCert now recognizes three more intellectual property offices for verifying the logo for your VMC certificate. These new offices are in Korea, Brazil, and India.
New approved trademark offices:
Other approved trademark offices:
What is a Verified Mark Certificate?
Verified Mark Certificates (VMCs) are a new type of certificate that allows companies to place a certified brand logo next to the “sender” field in customer inboxes.
Bugfix: Code Signing (CS) certificate generation email sent only to CS verified contact
We fixed a bug in the Code Signing (CS) certificate issuance process where we were sending the certificate generation email to only the CS verified contact. This bug only happened when the requestor did not include a CSR with the code signing certificate request.
Now, for orders submitted without a CSR, we send the code signing certificate generation email to:
Note: DigiCert recommends submitting a CSR with your Code Signing certificate request. Currently, Internet Explorer is the only browser that supports keypair generation. See our knowledgebase article: Keygen support dropped with Firefox 69.
随着 Firefox 69 的发行，Firefox 最终终止支持 Keygen。Firefox 使用 Keygen 帮助生成密钥材料，用于在浏览器中生成代码签名、客户端和 SMIME 证书时提交公钥。
注意：Chrome 已经终止支持密钥生成，而 Edge 和 Opera 从不支持密钥生成。
DigiCert 颁发代码签名、客户端或 SMIME 证书后，我们向您发送一封电子邮件，其中包含用于创建和安装证书的链接。
发行 Firefox 69 后，您只能使用两种浏览器生成这些证书：Internet Explorer 和 Safari。如果公司政策要求使用 Firefox，您可以使用 Firefox ESR 或 Firefox 的可携带副本。
有关更多信息，请参阅 Firefox 69 将终止支持 Keygen。