Change log | docs.digicert.com

一月 25, 2022

Updates to OV and EV TLS certificate profiles

As we work to align our DV, OV, and EV TLS certificate profiles, we are making a minor change to our OV and EV TLS certificate profiles. Starting January 25, 2022, we will set the Basic Constraints extension to noncritical in our OV and EV TLS certificate profiles.

Note: DV TLS certificates are already issued with the Basic Constraints extension set to noncritical.

What do I need to do?

No action is required on your part. You shouldn't notice any difference in your certificate issuance process.

However, if your TLS certificate process requires the Basic Constraints extension to bet set to critical, contact your account manager or DigiCert Support immediately.

十一月 16, 2021

File api OV SSL certificates DCV CertCentral domain validation DV SSL certificates http token HTTP Practical Demonstration EV SSL certificates tls certificates FileAuth Services API SSL certificates domain control validation wildcard domains http auth SC45 domain prevalidation file-based DCV

Industry changes to file-based DCV (HTTP Practical Demonstration, file auth, file, HTTP token, and HTTP auth)

To comply with new industry standards for the file-based domain control validation (DCV) method, you can only use the file-based DCV to demonstrate control over fully qualified domain names (FQDNs), exactly as named.

To learn more about the industry change, see Domain validation policy changes in 2021.

How does this affect me?

As of November 16, 2021, you must use one of the other supported DCV methods, such as Email, DNS TXT, and CNAME, to:

Validate wildcard domains (*.example.com)
To include subdomains in the domain validation when validating the higher-level domain. For example, if you want to cover www.example.com, when you validate the higher-level domain, example.com.
Prevalidate entire domains and subdomains.

To learn more about the supported DCV method for DV, OV, and EV certificate requests:

CertCentral: Pending certificate requests and domain prevalidation using file-based DCV

Pending certificate request

If you have a pending certificate request with incomplete file-based DCV checks, you may need to switch DCV methods* or use the file-based DCV method to demonstrate control over every fully qualified domain name, exactly as named, on the request.

*Note: For certificate requests with incomplete file-based DCV checks for wildcard domains, you must use a different DCV method.

To learn more about the supported DCV methods for DV, OV, and EV certificate requests:

Domain prevalidation

If you plan to use the file-based DCV method to prevalidate an entire domain or entire subdomain, you must use a different DCV method.

To learn more about the supported DCV methods for domain prevalidation, see Supported domain control validation (DCV) methods for domain prevalidation.

CertCentral Services API

If you use the CertCentral Services API to order certificates or submit domains for prevalidation using file-based DCV (http-token), this change may affect your API integrations. To learn more, visit File-based domain control validation (http-token).

六月 3, 2021

OV SSL certificates domain validation EV SSL certificates Services API order endpoints

CertCentral Services API: Improved domains array in OV/EV order response

To make it easier to see how the Services API groups the domains on your OV/EV TLS certificate orders for validation, we added a new response parameter to the endpoints for submitting certificate order requests: domains[].dns_name.*

The dns_name parameter returns the common name or SAN of the domain on the order. To prove you control this domain, you must have an active validation for the domain associated with the domains[].name and domains[].id key/value pairs.

Example OV certificate order

JSON payload:

JSON response:

The Services API returns the domains[].dns_name parameter in the JSON response for the following endpoints:

*Note: Only order requests for OV/EV TLS certificates return a domains array.

一月 25, 2021

OV SSL certificates DV SSL certificates EV SSL certificates New Services API email to dns txt contact prevalidation DCV email method

CertCentral 服务 API：改进的域电子邮件端点

为了更加方便查找在基于电子邮件的域控制验证 (DCV) 流程中用于接收 DigiCert 验证邮件的 DNS TXT 电子邮件地址，我们对域电子邮件端点新增了一个响应参数：dns_txt_emails。

dns_txt_emails参数返回在域的 DNS TXT 记录中找到的电子邮件地址的列表。这是我们在验证的域的_validation-contactemail子域上的 DNS TXT 记录中找到的电子邮件地址。

具有新参数的响应示例：

关于新支持的“发送电子邮件给 DNS TXT 联系人”DCV 方法的更多信息：

变更日志 - 2021 年 1 月 13 日

关于验证 DV 证书订单上的域的信息：

域控制验证 (DCV) 方法

关于验证 OV/EV 证书订单上的域的信息：

一月 13, 2021

OV SSL certificates DV SSL certificates EV SSL certificates New email to dns txt contact prevalidation DCV email method

CertCentral：“发送电子邮件给 DNS TXT 联系人”DCV 方法

我们很高兴宣布，DigiCert 现在支持发送电子邮件给 DNS TXT 联系人进行基于电子邮件的域控制验证 (DCV)。这意味着您可以在域的 DNS TXT 记录中添加电子邮件地址。DigiCert 自动搜索 DNS TXT 记录并发送 DCV 电子邮件到这些地址。收件人需要按照邮件中的说明证明对域的控制权。

注意：以前，DigiCert 仅发送 DCV 电子邮件至基于 WHOIS 的电子邮件地址和构造的电子邮件地址。

行业变化

由于隐私权政策和其他约束，访问 WHOIS 记录中的联系人信息越来越难。通过 SC13 投票表决后，证书颁发机构/浏览器 (CA/B) 论坛在支持的 DCV 方法列表中添加了“发送电子邮件给 DNS TXT 联系人”。

DNS TXT 记录电子邮件联系人

如需使用发送电子邮件给 DNS TXT 联系人 DCV 方法，必须将 DNS TXT 记录放入需要验证的域的 _validation-contactemail 子域上。DigiCert 自动搜索 WHOIS 和 DNS TXT 记录并发送 DCV 电子邮件到在这些记录中找到的地址。

_validation-contactemail.example.com | Default | validatedomain@digicerttest.com

此文本记录的 RDATA 值必须是有效的电子邮件地址。请参阅基准要求附录中的 B.2.1 DNS TXT 记录电子邮件联系人。

有关“投票 SC13”、CA/浏览器论坛和“发送电子邮件给 DNS TXT 联系人”DCV 方法的更多信息：

十一月 3, 2020

CertCentral API DCV tokens OV SSL certificates domain validation EV SSL certificates Services API

CertCentral 服务 API：在 OV 和 EV 证书订单的响应数据中增加了新域的 DCV 令牌

我们更新了用于订购公共 OV 和 EV SSL 证书的端点，以便为订单上的新域返回域控制验证 (DCV) 请求令牌。

现在，当您申请 OV 或 EV 证书时，不再需要发布单独的请求来为订单上的新域获取 DCV 请求令牌。而是可以直接从订单请求的响应数据中获取令牌。

响应数据示例：

Example response for an OV order with a new domain

注意：对以下域不返回 dcv_token 对象：在订单上的另一个域的作用域下进行验证的域，帐户中已经存在的域，或现有域的子域。

此更新适用于以下端点：