筛选方式: Services API x 清除
new

为了让您更轻松地规划证书相关任务,我们提前预定了 2021 年维护时限。请参阅  DigiCert 2021 年预定维护 - 本页始终提供所有最新的维护计划信息。

鉴于我们客户遍布世界各地,我们知道该时间并非对每个人都合适。但是,在审查有关客户使用情况的数据后,我们选择了受影响的客户数量最少的时间。

关于我们的维护计划

  • 除非另外说明,否则预定维护时间是每个月的第一个周末。
  • 每次维护时限预定 2 小时。
  • 尽管我们提供了冗余以保护您的服务,但一些 DigiCert 可能不可用。
  • 完成维护后,所有运营将恢复正常。

有关这些维护时间的更多信息,请联系您的客户经理或  DigiCert 支持团队。要获取实时更新,请订阅 DigiCert 状态页面。

new

Upcoming Schedule Maintenance

On October 2, 2021, between 22:00 – 24:00 MDT (October 3, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.


CertCentral, CIS, SCEP, Direct Cert Portal, and DigiCert ONE maintenance

DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.


PKI Platform 8 maintenance and downtime:

DigiCert will perform scheduled maintenance on PKI Platform 8. During this time, the PKI Platform 8 and its corresponding APIs will be down for approximately 20 minutes.

We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC).

Then, for approximately 20 minutes:

  • You will be unable to sign in and use your PKI Platform 8 to perform in-console certificate lifecycle tasks.
  • You will be unable to use any of your PKI Platform 8 corresponding APIs or protocols (for example, SOAP, REST, SCEP, and EST) to perform certificate lifecycle operations.
  • You will be unable to:
    • Enroll certificates: new, renew, or reissues
    • Add domains and organizations
    • Submit validation requests
    • View reports, revoke certificates, and create profiles
    • Add users, view certificates, and download certificates
  • DigiCert will be unable to issue certificates for PKI Platform 8 and its corresponding API.
  • APIs will return a "cannot connect" error.
  • Certificate enrollments that receive "cannot connect" errors must be resubmitted after DigiCert restores services.

The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

Upcoming Schedule Maintenance

On September 11, 2021, between 22:00 – 24:00 MDT (September 12, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.


CertCentral, CIS, SCEP, Direct Cert Portal, and DigiCert ONE maintenance

DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.


PKI Platform 8 maintenance and downtime:

DigiCert will perform scheduled maintenance on PKI Platform 8. During this time, the PKI Platform 8 and its corresponding APIs will be down for approximately 60 minutes.

We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC).

Then, for approximately 60 minutes:

  • You will be unable to sign in and use your PKI Platform 8 to perform in-console certificate lifecycle tasks.
  • You will be unable to use any of your PKI Platform 8 corresponding APIs or protocols (for example, SOAP, REST, SCEP, and EST) to perform certificate lifecycle operations.
  • You will be unable to:
    • Enroll certificates: new, renew, or reissues
    • Add domains and organizations
    • Submit validation requests
    • View reports, revoke certificates, and create profiles
    • Add users, view certificates, and download certificates
  • DigiCert will be unable to issue certificates for PKI Platform 8 and its corresponding API.
  • APIs will return a "cannot connect" error.
  • Certificate enrollments that receive "cannot connect" errors must be resubmitted after DigiCert restores services.

The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete our maintenance.

enhancement

CertCentral Services API: Domain management enhancements

To make it easier to maintain active validation for domains in your account, we added new filters, response fields, and a new endpoint to our domain management APIs. With these updates, you can:

  • Find domains with OV and EV validation reuse periods that are expired or expiring soon.
  • Find domains affected by the September 27, 2021 policy change to shorten OV domain validation reuse periods.*

Enhanced APIs: List domains and List subaccount domains

We made the following enhancements to the List domains and List subaccount domains endpoints:

  • Added validation filter values
    On September 27, 2021*, existing OV domain validation reuse periods will shorten to 397 days from the date validation was completed. For some domains, the reduced validation period will have already expired, or will expire before the end of 2021.

    To help you find these domains so you can resubmit them for validation, we added a new value for the validation filter: shortened_by_industry_changes. We also added filter values to help you find domains with OV or EV domain validation periods that expire in different timeframes. The new validation filter values include:
    • shortened_by_industry_changes
    • ov_expired_in_last_7_days
    • ov_expiring_within_7_days
    • ov_expiring_within_30_days
    • ov_expiring_from_31_to_60_days
    • ov_expiring_from_61_to_90_days
    • ev_expired_in_last_7_days
    • ev_expiring_within_7_days
    • ev_expiring_within_30_days
    • ev_expiring_from_31_to_60_days
    • ev_expiring_from_61_to_90_days
  • Added fields to the dcv_expiration object
    You can now submit a request that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string filters[include_validation_reuse_status]=true.
  • Added dcv_method filter
    We added the option to filter domains by domain control validation (DCV) method. To use this filter, append the query string filters[dcv_method]={{value}} to the request URL. Possible values are email, dns-cname-token, dns-txt-token, http-token, and http-token-static.

Enhanced API: Domain info
You can now submit a request to the Domain info endpoint that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string include_validation_reuse_status=true.


New API: Expiring domains count

We added a new endpoint that returns the number of domains in your account with expired or expiring OV or EV domain validations. For more information, see Expiring domains count.

*On September 27, 2021, the expiration date for existing OV domain validations will shorten to 397 days from the date validation was completed. Learn more about this policy change: Domain validation changes in 2021.

new

CertCentral Services API: Get orders by alternative order ID

We created a new endpoint to make it easier to get certificate order details using alternative order IDs: Get orders by alternative order ID. This endpoint returns the order ID, certificate ID, and order status of certificate orders with the alternative_order_id you provide in the URL path.

new

Verified Mark Certificates available now.

Verified Mark Certificates (VMCs) are a new type of certificate that allow companies to place a certified brand logo next to the “sender” field in customer inboxes—visible before the message is opened—acting as confirmation of your domain’s DMARC status and your organization’s authenticated identity. Learn more about VMC certificates.

To disable or change availability of VMC in your account, visit the Product Settings page.

Note: If you do not see VMCs in your account, it may be because we are not offering the product to all account types yet. It is also possible that the product is available, but one of your CertCentral account’s administrators turned the product off in Product Settings.

new

CertCentral Services API: Verified Mark Certificate enhancements

To help you manage your Verified Mark Certificate (VMC) orders in your API integrations, we’ve made the following updates to the CertCentral Services API.

New endpoints:

Updated endpoints:

  • Order info
    We updated the Order info endpoint to return a vmc object with the trademark country code, registration number, and logo information for VMC orders.
  • Email certificate
    We updated the Email certificate endpoint to support emailing a copy of your issued VMC.

To learn more about managing VMC certificates from your API integrations, visit Verified Mark Certificate workflow.

new

Upcoming schedule maintenance

On July 10, 2021, between 22:00 – 24:00 MDT (July 11, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

During maintenance, for approximately 60 minutes, the services specified below under Service downtime will be down. Due to the scope of the maintenance, the services specified below under Service interruptions may experience brief interruptions during a 10-minute window.

Service downtime

From 22:00 – 23:00 MDT (04:00 – 05:00 UTC), while we perform database-related maintenance, the following services will be down for up to 60 minutes:

  • CertCentral / Services API
  • Direct Cert Portal / API
  • ACME
  • Discovery / API
  • ACME agent automation / API

API Note: Affected APIs will return “cannot connect” errors. Certificate-related API requests that return a “cannot connect” error message during this window will need to be placed again after services are restored.

Service interruptions

During a 10-minute window, while we perform infrastructure maintenance, the following DigiCert service may experience brief service interruptions:

  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • DigiCert ONE
  • Automation service
  • CT Log monitoring
  • Vulnerability assessment
  • PCI compliance scans

Services not affected

These services are not affected by the maintenance activities:

  • PKI Platform 8
  • PKI Platform 7
  • QuoVadis TrustLink

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as the maintenance is completed.

new

Upcoming scheduled maintenance

On June 5, 2021, between 22:00 – 24:00 MDT (June 6, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

enhancement

CertCentral Services API: Improved domains array in OV/EV order response

To make it easier to see how the Services API groups the domains on your OV/EV TLS certificate orders for validation, we added a new response parameter to the endpoints for submitting certificate order requests: domains[].dns_name.*

The dns_name parameter returns the common name or SAN of the domain on the order. To prove you control this domain, you must have an active validation for the domain associated with the domains[].name and domains[].id key/value pairs.

Example OV certificate order

JSON payload:

JSON payload

JSON response:

JSON response

The Services API returns the domains[].dns_name parameter in the JSON response for the following endpoints:

*Note: Only order requests for OV/EV TLS certificates return a domains array.

new

Upcoming scheduled maintenance

On May 1, 2021, between 22:00 – 24:00 MDT (May 2, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

For up to 10 minutes total during the 2-hour window, we will be unable to issue certificates for the DigiCert platforms, their corresponding APIs, immediate certificate issuance, and those using the APIs for other automated tasks.

Affected services:

  • CertCentral / Service API
  • ACME
  • ACME agent automation / API
  • Direct Cert Portal / API
  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • QuoVadis TrustLink

Services not affected

  • PKI Platform 8
  • PKI Platform 7
  • DigiCert ONE managers

API note:

  • APIs will return "cannot connect" errors.
  • Certificate requests submitted during this window that receive a "cannot connect" error message will need to be placed again after services are restored.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

enhancement

CertCentral Services API: Domain validation status in Domain info response

To make it easier to get a comprehensive validation status for your domains, DigiCert is deprecating the status parameter in the Domain info response. To ensure you are getting complete and accurate status information for each different validation type on your domains, you should use the validations array when you call the Domain info endpoint from your API integrations instead.

Note: The Domain info endpoint will continue to return a status parameter value.

Background

In the Domain info response, the status parameter is designed to return a single string value. When DigiCert offered fewer products, a single value in the API was enough to represent the validation status for your domains.

Now, DigiCert offers certificate products that use many different types of validation. Different validation types have different requirements, and these requirements change as industry standards evolve. As DigiCert validates your domains for different types of certificate issuance, each type of validation that you request can be in a different state.

For example:

  • The OV validation for a domain may be completed.
  • The EV validation for the same domain may be expired.

As a result, DigiCert can no longer use a single value to return comprehensive information about the validation status for a domain.

Instead of relying on a single value, use the Domain info endpoint to request a validations array – a list of objects with status information for each type of validation on the domain. To get this data, include the query parameter include_validation=true when you submit your request.

For example:

Example validations array in domain info response data

Learn more about using the Domain info endpoint

new

CertCentral Services API: Site seal enhancements

To help you manage your site seals in your API integrations, we’ve made the following updates to the CertCentral Services API:

  • New endpoint: Upload site seal logo
    We added a new endpoint – Upload site seal logo – you can use to upload your company logo for use with a DigiCert Smart Seal. This logo appears in the site seal on your website. Note: Only Secure Site and Secure Site Pro SSL/TLS certificates support the option to display your company logo in the site seal.
  • New endpoint: Update site seal settings
    We added a new endpoint – Update site seal settings – you can use to change the appearance of your site seal and the information that displays on the site seal information page.
  • Updated endpoint: Get site seal settings
    We updated the Site seal settings endpoint to return information about each property you can customize with the Update site seal settings endpoint.

Related topics:

enhancement

CertCentral Services API: Revoke certificate by serial number

To make it easier to manage certificates from your API integrations, we updated the Revoke certificate endpoint path to accept the certificate ID or the serial number of the certificate to revoke. Previously, the Revoke certificate endpoint path only accepted the certificate ID.

Example Revoke certificate path using the certificate ID:

https://www.digicert.com/services/v2/certificate/{{certificate_id}}/revoke

Example Revoke certificate path using the certificate serial number:

https://www.digicert.com/services/v2/certificate/{{serial_number}}/revoke

Learn more about using the Revoke certificate endpoint

new

Upcoming scheduled maintenance

On April 3, 2021, between 22:00 – 24:00 MDT (April 4, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

During maintenance, for up to 10 minutes, we will be unable to issue certificates for the DigiCert platforms, their corresponding APIs, immediate certificate issuance, and those using the APIs for other automated tasks.

Affected services

For approximately 10 minutes, DigiCert will be unable to issue certificates for these services and APIs:

  • CertCentral / Service API
  • ACME
  • ACME agent automation / API
  • Direct Cert Portal / API
  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • QuoVadis TrustLink

Services not affected

These services are not affected by the maintenance activities:

  • PKI Platform 8 / API
  • PKI Platform 8 SCEP
  • PKI Platform 7 / API
  • PKI Platform 7 SCEP
  • DigiCert ONE managers

API note:

  • APIs will return "cannot connect" errors.
  • Certificate requests submitted during this window that receive a "cannot connect" error message will need to be placed again after services are restored.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

CertCentral: New purchase order and invoice system

We are happy to announce that we are using a new purchase order and invoice system in CertCentral. We've made several changes to make it easier for you to manage your purchase orders and invoices.

The next time you sign in to CertCentral, you will see two new menu options under Finances: Pay Invoice and Purchase Orders and Invoices. Additionally, we now send all invoice emails from our new invoice system.

Pay invoices page

When you open the Pay invoice page, all invoices are preselected by default. You can choose to pay them all or select those you want to pay.

Note: If you use divisions with separate funds, when you open the Pay invoice page, all invoices for the top-level division are selected by default. Use the For dropdown to view the unpaid invoices by division in your account.

Purchase orders and invoices page

On the new Purchase orders and invoices page, you can create a purchase order (PO). In the Purchaseorders table, you can view pending and rejected POs. After we approve a PO, it becomes an invoice and moves to the Invoices table.

Note: If you use divisions with separate funds, you see the Purchase order and invoice summary page. When you click a division name, it opens the Purchase order and invoices page, where you can view the POs and invoices for that division.

In the Invoices column of the Invoices table, you can see the invoice number and the PO from which we generated it. You can download a copy of the invoice or pay the invoice. When you click Pay invoice, we take you to the Pay invoice page to pay the invoice and make the funds available in your account.

Existing PO and Invoice migration

  • Autogenerated invoices
    When we migrated our billing system, we did not migrate your autogenerated invoices. At the end of March, we will autogenerate a new invoice for your total amount owed. However, you can make a payment on your account at any time on the Deposit Funds page (in the left main menu, go to Finances > Deposit Funds).
  • Invoices generated from approved purchase orders
    When we migrated your invoices to the new system, we gave them new invoice numbers. However, the associated purchase order number remains the same. If you have questions or trouble finding an invoice, please contact your account manager or DigiCert Accounts Receivable. Make sure to include your PO number and the original invoice number in the email.
enhancement

CertCentral Services API: View balance enhancements

To help you track financial data in your API integrations, we updated the View balance endpoint to return the following data:

  • unpaid_invoice_balance
    Unpaid invoice balance
  • negative_balance_limit
    Amount the balance can go into the negative
  • used_credit_from_other_containers
    Amount owed by other divisions in the account (for accounts with separate division funds enabled)
  • total_available_funds
    Total funds available for future purchases

Example response: 

Example response from the View balance endpoint

For more information, see the documentation for the View balance endpoint.

enhancement

CertCentral Services API: Auto-reissue support for Multi-year Plans

We are happy to announce that the CertCentral Services API now supports automatic certificate reissue requests (auto-reissue) for Multi-year Plans. The auto-reissue feature makes it easier to maintain SSL/TLS coverage on your Multi-year Plans.

You can enable auto-reissue for individual orders in your CertCentral account. When auto-reissue is enabled, we automatically create and submit a certificate reissue request 30 days before the most recently issued certificate on the order expires.

Enable auto-reissue for a new order

To give you control over the auto-reissue setting for new Multi-year Plans, we added a new request parameter to the endpoints for ordering DV, OV, and EV TLS/SSL certificates: auto_reissue.

By default, auto-reissue is disabled for all orders. To enable auto-reissue when you request a new Multi-year Plan, set the value of the auto_reissue parameter to 1 in the body of your request.

Example request body:

Example order request body with auto reissue enabled

Note: In new order requests, we ignore the auto_reissue parameter if:

  • The product does not support Multi-year Plans.
  • Multi-year Plans are disabled for the account.

Update auto-reissue setting for existing orders

To give you control over the auto-reissue setting for existing Multi-year Plans, we added a new endpoint: Update auto-reissue settings. Use this endpoint to enable or disable the auto-reissue setting for an order.

Get auto-reissue setting for an existing order

To help you track the auto-reissue setting for existing certificate orders, we added a new response parameter to the Order info endpoint: auto_reissue. The auto_reissue parameter returns the current auto-reissue setting for the order.

new

ICA certificate chain selection for public DV flex certificates

We are happy to announce that select public DV certificates now support Intermediate CA certificate chain selection:

  • GeoTrust DV SSL
  • Thawte SSL 123 DV
  • RapidSSL Standard DV
  • RapidSSL Wildcard DV
  • Encryption Everywhere DV

You can add a feature to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues the end-entity certificate when you order these public DV products.

This feature allows you to:

  • Set the default ICA certificate chain for each supported public DV certificate.
  • Control which ICA certificate chains certificate requestors can use to issue their DV certificate.

Configure ICA certificate chain selection

To enable ICA selection for your account:

  1. Contact your account manager or our Support team.
  2. Then, in your CertCentral account, in the left main menu, go to Settings > Product Settings.
  3. On the Product Settings page, configure the default and allowed intermediates for each supported and available DV certificate.

For more information and step-by-step instructions, see the Configure the ICA certificate chain feature for your public TLS certificates.

new

DigiCert Services API: DV certificate support for ICA certificate chain selection

In the DigiCert Services API, we made the following updates to support ICA selection in your DV certificate order requests:

Pass in the issuing ICA certificate's ID as the value for the ca_cert_id parameter in your order request's body.

Example DV certificate request:

Example DV TLS certificate request

For more information about using ICA selection in your API integrations, see DV certificate lifecycle – Optional ICA selection.

new

Upcoming scheduled maintenance

On March 6, 2021, between 22:00 – 24:00 MST (March 7, 2021, between 05:00 – 07:00 UTC), DigiCert will perform scheduled maintenance.

Although we have redundancies in place to protect your service, some DigiCert services may be unavailable during this time.

What can you do?

Please plan accordingly.

  • Schedule your high-priority orders, renewals, and reissues around the maintenance window.
  • To get live maintenance updates, subscribe to the DigiCert Status page. The subscription includes emails to let you know when maintenance starts and ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as the maintenance is completed.

new

CertCentral 服务 API:新增子帐户端点

为了更加方便您管理子帐户,我们在 CertCentral 服务 API 中新增了两个端点:列出子帐户域列出子帐户组织

enhancement

CertCentral 服务 API:改进了“创建子帐户”端点

为了让您对子帐户拥有更多控制权,我们对创建子帐户端点新增了两个请求参数:child_namemax_allowed_multi_year_plan_length

  • child_name - 使用此参数为子帐户设置自定义显示名称。
  • max_allowed_multi_year_plan_length - 使用此参数为子帐户设置多年计划的自定义有效期。

JSON 请求示例:

Create subaccount example request

创建子帐户后,使用子帐户信息端点查看子帐户的"显示"名称和允许的多年计划订单有效期。

new

即将开始的预定维护

2021 年 2 月 6 日 22:00 – 24:00 MST(2021 年 2 月 7 日 05:00 – 07:00 UTC),DigiCert 将执行关键维护。

在维护期间,下列服务将中断大约 60 分钟。但是,根据执行的维护范围,在两小时维护期间可能会发生更多服务中断。

您将无法登录这些平台以及访问这些服务和 API:

  • CertCentral / 服务 API
  • Direct Cert Portal / Direct Cert Portal API
  • 证书颁发服务 (CIS)
  • 简单证书注册协议 (SCEP)
  • Discovery / API
  • ACME
  • ACME 代理自动化 / API

DigiCert 将无法为以下服务和 API 颁发证书:

  • CertCentral / 服务 API
  • Direct Cert Portal / Direct Cert Portal API
  • 证书颁发服务 (CIS)
  • 简单证书注册协议 (SCEP)
  • 完整的网站安全性 (CWS) / API
  • Managed PKI for SSL (MSSL) / API
  • QV 信任链接

维护活动不影响以下服务:

  • PKI Platform 8
  • PKI Platform 7
  • DigiCert ONE 管理器

API 注释:

  • 用于处理证书相关交易的服务将不可用,例如,申请证书、添加域和验证请求。
  • API 将返回“无法连接”错误。
  • 如果在此期间提交证书请求时收到"无法连接"错误消息,则需要在恢复服务后再次提交请求。

我可以做什么?

调整计划:

  • 将高优先级订单、续订和补发计划安排在关键维护时间以外的其他时间。
  • 如果您使用 API 执行直接颁发证书和其他自动化任务,可能会遇到中断。
  • 订阅 DigiCert 状态 页面以获取实时更新。
  • 请参阅 DigiCert 2021 年预定维护了解预定的维护日期和时间。

一旦维护完成,将立即恢复服务。

new

CertCentral 服务 API:新增单位数量订单详情和取消单位数量订单端点

我们很高兴宣布,我们在 CertCentral 服务 API 中新增了两个端点:单位数量订单详情取消单位数量订单

这些端点可用于获取关于单位数量订单的信息以及取消单位数量订单。

取消单位数量订单:

  • 您只能在下单后三十天内取消订单。
  • 如果订单上的子帐户已经使用了任何单位数量,则不能取消单位数量订单。

如果您管理的子帐户使用单位数量作为付款方式,则您现在可以使用服务 API 执行以下任务:

enhancement

CertCentral 服务 API:改进了产品列表、产品限制和产品信息端点

为了更加方便在帐户中查找数字证书产品的可用订单有效期,我们对产品列表、产品限制和产品信息端点新增了响应参数。

这些新响应参数允许您查看帐户中每个产品的默认和自定义订单有效期。

产品列表端点

allowed_order_validity_years参数返回帐户中每个产品支持的订单有效期列表。

产品限制端点

allowed_order_lifetimes参数返回对帐户中具有不同分区和用户角色分配的用户设定的自定义订单有效期限制的列表。

产品信息端点

  • allowed_order_validity_years参数返回当您申请证书产品时可用的订单有效期列表。
  • custom_order_expiration_date_allowed参数返回布尔值,用于描述在您申请证书产品是否可以设置自定义订单到期日期。
enhancement

CertCentral 服务 API:改进了子帐户订单信息端点

为了更加方便查找子帐户订单的有效期信息,我们对子帐户订单信息端点新增了响应参数。这些新的响应参数允许您查看订单开始日期、订单结束日期以及订单是否为多年计划。

  • 如果订单是多年计划,则is_multi_year_plan参数返回"1"
  • order_valid_from参数返回订单有效期的开始日期。
  • order_valid_till参数返回订单有效期的结束日期。

具有新参数的响应示例

Subaccount order updates

new

即将开始的预定维护

2021 年 1 月 9 日 22:00 – 24:00 MST(2021 年 1 月 10 日 05:00 – 07:00 UTC),DigiCert 会执行此预定维护。

尽管我们提供了冗余以保护您的服务,但在此期间,一些 DigiCert 可能不可用。

您可以做什么?
做好相应计划。

  • 将高优先级订单、续订、补发和重复颁发预定在维护时限之外。
  • 要获取实时更新,请订阅 DigiCert 状态页面。
  • 有关预定维护日期和时间,请参阅 DigiCert 2021 年预定维护

完成维护后,会立即恢复服务。

new

CertCentral 服务 API:更新续订通知设置

我们在 CertCentral 服务 API 合同中新增了一个端点:更新续订通知设置。使用此端点为证书订单启用或禁用续订通知。 

有关更多信息,请访问服务 API 文档:

enhancement

自定义 DigiCert 多年计划的生命周期

我们很高兴宣布,您以后在 CertCentral 中申请 TLS 证书时可以为多年计划 (MyP) 设置自定义生命周期。在 TLS 证书请求表上,使用新的自定义订单有效期选项为 TLS 证书订单设置自定义有效期。

注意:根据行业最佳实践,TLS 证书有效期最长不超过 397 天。请参阅终止 2 年期公共 SSL/TLS 证书

可以按天数或到期日期设置自定义的多年计划订单有效期。订单有效期不超过 2190 天(6 年)。订单有效期不低于 7 天。

注意:自定义订单的开始日期即我们为订单颁发证书的日期。订单价格按所选证书及您的自定义订单有效期按比例价格。

设置自定义 MyP 有效期的具体步骤

  1. 在“申请证书”表上,单击选择有效期限
  2. 在“您需要在多长期限内保护您的网站”窗口中,选择自定义订单有效期
  3. 在“选择自定义订单期限”下,设置多年计划的生命周期:
    1. 自定义订单有效期
      指定计划的有效天数。
    2. 自定义订单到期日期
      选择需要计划到期的日期。
  4. 单击保存
enhancement

更新了公共 TLS 证书的产品设置

为了在证书订购流程中提供更多控制权,我们更新了公共 TLS 证书的产品设置。您现在可以决定用户在订购公共 TLS 证书时可以选择的多年计划订单有效期。

在 TLS 证书的产品设置页面上,使用允许的有效期选项指定在 TLS 证书申请表上显示的多年计划订单有效期。1 年、2 年、3 年、4 年、5 年和 6 年。请注意,对产品设置进行的更改适用于通过 CertCentral 和服务 API 提交的请求。

注意:以前使用的是允许的有效期选项指定用户在订购公共 TLS 证书时可以选择的最长证书生命周期。但是,随着行业改用 1 年期证书,不再需要对证书有效期使用此选项。请参阅终止 2 年期公共 SSL/TLS 证书

为 TLS 证书配置允许的多年计划订单有效期的具体步骤

  1. 在左侧主菜单中,转到设置 > 产品设置
  2. 在“产品设置”页面上,选择公共 TLS 证书。例如,选择 Secure Site OV
  3. 在 Secure Site OV 下的允许的有效期下拉列表中,选择有效期。
  4. 单击保存设置

用户下一次订购 Secure Site OV 证书时,将仅看到您在申请表上选择的有效期。

注意:对多年计划订单有效期设置限制会导致移除 TLS 证书申请表上的自定义有效期选项。

enhancement

CertCentral 域页面:改进了 domains.csv 报告

在域页面上,我们改进了 CSV 报告,更方便跟踪 OV 和 EV 域验证到期日期以及查看以前使用的域控制验证 (DCV) 方法。

当您下一次下载 CSV 文件时,您将看到报告中新增了三列:

  • OV 到期
  • EV 到期
  • DCV 方法

下载 domains.csv 报告的具体步骤

  1. 在左侧主菜单中,转到证书 > 域
  2. 在域页面上的下载 CSV 下拉列表中,选择下载所有记录

打开 domains.csv 后,您应该会看到报告中新增的列和信息。

enhancement

CertCentral 订单页面:改进了加载次数

在 CertCentral 中,我们更新的订单页面,以改进管理大量证书订单时所需的加载次数。当您下一次访问订单页面时,它的打开速度将大大提高(从左侧主菜单转到证书 > 订单)。

为了改进加载次数,我们更改了在初始页面视图上筛选证书订单的方式。以前,我们将页面筛选为仅显示活跃的证书订单。但是,在处理大量证书订单时会出现问题。帐户中的订单越多,打开订单页面所需的时间越长。

现在,当您访问页面时,我们会不加筛选地返回您的所有证书,并按证书订单创建时间从新到旧的顺序降序排列。如需只查看活跃的证书,请选择状态下拉列表中的活跃并单击开始

new

CertCentral 服务 API:为子帐户购买单位数量和查看单位数量订单

在 CertCentral 服务 API 中,我们新增了用于购买单位数量和查看单位数量订单的端点。现在,如果您管理的帐户中有在证书请求中使用单位数量作为付款方式的子帐户,可以使用此服务 API 为子帐户购买更多单位数量及获取关于您的单位数量订单历史记录的信息。

有关更多信息,请参阅以下新端点的参考文档:

enhancement

CertCentral 服务 API:文档更新

我们很高兴宣布对 CertCentral 服务 API 文档进行了以下更新:

  • 新增优惠券估计价格 API
    我们为优惠券估计价格端点发布了新的参考主题。使用优惠券的客户可以使用此端点为特定的优惠券配置估算订单费用(包括税费)。
  • 更新了 API 词汇表
    我们使用新表更新了词汇表,用于指定不同的组织验证状态值。请参阅词汇表 - 组织验证状态
  • 在“更新帐户电子邮件”文档中增加了请求参数
    我们在更新帐户电子邮件端点文档中新增了emergency_emails请求参数。使用该参数可以更新用于接收 DigiCert 紧急通知的电子邮件地址。

示例更新帐户电子邮件请求主体:

emergency_emails.png
  • 在产品信息文档中增加了响应参数
    我们新增了validation_type, allowed_ca_certs, 和default_intermediate响应参数到产品信息端点文档中。
    • 使用validation_type参数获取指定产品的验证类型。
    • 使用allowed_ca_certs参数获取您在订购指定产品时可以选择的 ICA 证书的相关信息。*
    • 使用default_intermediate参数获取指定产品的默认 ICA 的 ID。*

示例产品信息响应数据

Product info response.png

* 注意:产品信息端点仅对支持 ICA 选择的产品返回allowed_ca_certsdefault_intermediates参数。对于支持选择 ICA 的公共 SSL 证书(OV 和 EV 灵活证书),仅在对帐户启用 ICA 选择的情况下返回这些参数。此外,仅当管理员为帐户中的分区或用户角色进行了自定义产品设置,才返回default_intermediates参数。有关更多信息,请参阅公共 OV 和 EV 灵活证书的 ICA 证书链选项

enhancement

CertCentral 服务 API:在 OV 和 EV 证书订单的响应数据中增加了新域的 DCV 令牌

我们更新了用于订购公共 OV 和 EV SSL 证书的端点,以便为订单上的新域返回域控制验证 (DCV) 请求令牌。

现在,当您申请 OV 或 EV 证书时,不再需要发布单独的请求来为订单上的新域获取 DCV 请求令牌。而是可以直接从订单请求的响应数据中获取令牌。

响应数据示例:

Example response for an OV order with a new domain

注意:对以下域不返回 dcv_token 对象:在订单上的另一个域的作用域下进行验证的域,帐户中已经存在的域,或现有域的子域。

此更新适用于以下端点:

new

面向公共 OV 和 EV 灵活证书的 ICA 证书链选项

我们很高兴宣布,具有灵活功能的公共 OV 和 EV 证书现在支持中间 CA 证书链选项。

您可以在 CertCentral 帐户中添加一个选项,用于控制哪个 DigiCert ICA 证书链颁发您的公共 OV 和 EV "灵活"证书。

该选项可用于:

  • 为每个公共 OV 和 EV 灵活证书设置默认的 ICA 证书链。
  • 控制证书请求者可以使用哪个 ICA 证书链颁发灵活证书。

配置 ICA 证书链选项

如需对帐户启用 ICA 选项,请联系您的客户经理或我们的支持团队。然后,在您的 CertCentral 帐户中的产品设置页面上(从左侧主菜单转到设置 > 产品设置),为每种类型的 OV 和 EV 灵活证书配置默认和允许的中间证书。

有关更多信息和步骤说明,请参阅公共 OV 和 EV 灵活证书的 ICA 证书链选项

new

DigiCert 服务 API 支持 ICA 证书链选项

在 DigiCert 服务 API 中,我们进行了以下更新,以支持在您的 API 集成中进行 ICA 选择:

  • 创建了新的产品限制端点
    使用此端点获取为帐户中的每个分区启用的产品限制和设置的相关信息。这包括每个产品的默认和允许的 ICA 证书链的 ID 值。
  • 增加了面向公共 TLS OV 和 EV 灵活证书订单请求的 ICA 选项支持
    为产品配置允许的中间证书后,您在使用 ICA 提交订单请求时,可以选择需要用来颁发证书的 ICA 证书链。
    将颁发 ICA 证书的 ID 传递为订单请求主体中的ca_cert_id参数值。

灵活证书请求示例:

Example flex certificate request

有关在 API 集成中使用 ICA 选项的更多信息,请参阅 OV/EV 证书生命周期 -(可选)ICA 选择

enhancement

面向所有 DigiCert 公共 SSL/TLS 证书推出 DigiCert® 多年计划

我们很高兴宣布,CertCentral 现已推出面向所有公共 SSL/TLS 证书的多年计划。购买这些计划,您只需支付一次优惠价就能享用长达六年的 SSL/TLS 证书保障。

注意企业许可证协议 (ELA) 合同仅支持 1 年和 2 年期的多年计划。固定费用合同不支持多年计划。如果您有固定费用合同,请联系您的客户经理,以了解针对您的合同提供的解决方案。

在多年计划中,您选择 SSL/TLS 证书、证书的保障期限(最多六年)以及证书有效期。在计划到期前,每次在有效期满时,都可以免费补发证书。有关更多信息,请参阅多年计划

enhancement

更改 DigiCert 服务 API 以支持多年计划

在我们的服务 API 中,我们更新了公共 SSL/TLS 证书端点,以支持通过多年计划订购证书。

针对用于订购公共 SSL/TLS 证书的每个端点,我们新增了可选*请求参数。此外,我们还更新了这些端点,使您的订单有效期不再必须与证书有效期一致。

  • 新增可选cert_validity参数
    使用此参数定义为订单颁发的第一个证书的有效期。如果您的请求中省略了cert_validity参数,则您的证书有效期默认设为 DigiCert 和行业标准允许的最长有效期,或订单的有效期,以较短的时间为准。
  • 新增可选order_validity参数*
    使用此参数定义订单的有效期。订单有效期决定多年计划的时间期限。
  • 更新了顶级validity_years, validity_days, custom_expiration_date参数*
    对于现有的 API 集成,您仍然可以使用这些现有参数定义订单的有效期。但是,我们建议您更新集成,以改为使用新参数。请注意,在多年计划中,您的订单有效期可能与证书有效期不同。

*注意:请求中必须包括order_validity对象或其中一个顶级订单有效期参数: validity_years, validity_days, 或custom_expiration_date值。在order_validity对象中提供的值覆盖顶级有效期参数。

这些更改不会影响您当前的集成。但是,为了获得最长的 SSL/TLS 有效期,您以后可能需要通过多年计划购买公共 SSL/TLS 证书。关于 API 集成,请参阅订购多年计划

使用新参数的证书请求示例

Example SSL certificate request with new certificate and order valdity parameters

new

现在已推出多年计划

我们很高兴宣布,CertCentral 和 CertCentral 合作伙伴现已推出多年计划。

购买 DigiCert® 多年计划,您只需支付一次优惠价就能享用长达六年的 SSL/TLS 证书保障。在多年计划中,您选择 SSL/TLS 证书、证书的保障期限(最多六年)以及证书有效期。在计划到期前,每次在有效期满时,都可以免费补发证书。

从 2020 年 9 月 1 日开始,SSL/TLS 证书的最长有效期将从 825 天缩短为 397 天。当有效的多年计划证书即将到期时,可以补发证书以维持 SSL/TLS 保障。

compliance

浏览器支持终止 TLS 1.0 和 1.1

四大浏览器将终止支持传输层安全性 (TLS) 1.0 和 1.1。

须知事项

此更改不影响您的 DigiCert 证书。您的证书将仍然像以前一样工作。

此更改影响依赖于 TLS 1.0 或 1.1 的浏览器依赖性服务和应用程序。一旦浏览器终止支持 TLS 1.0 或 1.1,这些过时的系统将无法建立 HTTPS 连接。

所需操作

如果您受此更改的影响,且您的系统支持更新版本的 TLS 协议,请尽快将服务器配置升级到 TLS 1.2 或 TLS 1.3。

如果不升级到 TLS 1.2 或 1.3,您的网络服务器、系统或代理将无法使用 HTTPS 与证书建立安全通信。

浏览器 TLS 1.0/1.1 弃用信息

Firefox 78,2020 年 6 月 30 日发布

Safari 13.1,2020 年 3 月 24 日发布

Chrome 84,2020 年 7 月 21 日发布

Edge v84,2020 年 7 月 16 日发布

有用资源

由于有许多特殊的系统依赖于 TLS,因此我们无法涵盖所有升级路径,但下面提供了一些可能有用的参考资源:

enhancement

CertCentral 服务 API:更新了错误消息文档

在服务 API 文档中,我们更新了错误 页面,其中包含下面相关的错误描述:

  • 立即颁发 DV 证书
  • 域控制验证 (DCV)
  • 证书颁发机构 (CAA) 资源记录检查

今年早些时候,我们改进了面向 DV 证书订单和 DCV 请求的 API,当 DCV、文件授权、DNS 查找或 CAA 资源记录检查失败时提供更加详细的错误消息。现在,当您收到其中一条错误消息时,请检查错误页面以获取更多疑难解答信息。

有关更多信息