三月 12, 2020
Updates to the Domain details page
We simplified the Domain Validation section on the Domain details page to display only two validation types with their expiration dates: OV and EV. We also updated the page to show the domain validation expiration dates calculated from when the Domain Control Verification (DCV) was completed (OV: +825 days, EV: +13 months).
Note: Previously, you could see up to two other validation types: Grid and Private. Grid certificates have the same validity period as OV: 825 days. Domain validation is not required for private certificates as these certificates are not publicly trusted.
To view a domain's validation expiration dates, in the left main menu, go to Certificates > Domains. On the Domains page, locate the domain and click its Domain Name link. On the Domain details page, under Domain Validation, view your domain validations and when they expire.
CertCentral Services API: Improved List domains and Domain info endpoints
In the DigiCert Services API, we updated the List domains and Domain info endpoints, enabling you to see when the domain control validations (DCV) for the domain expire: OV and EV validations. This new information is only returned in the response if you include the URL query string include_validation=true.
Now, when you get a list of all domains or information about a specific domain and you include the URL query string include_validation=true, you can see when the DCVs for the domain expire.
Example requests with the URL query string:
- Domain info
https://www.digicert.com/services/v2/domain/{{domain_id}}? include_validation=true - List domains
https://www.digicert.com/services/v2/domain?include_validation=true
Example response – domain control validation (DCV) expiration dates
Removed "Pending" column from Domains page
We found a bug on the Domains page preventing us from providing accurate information about a domain's pending validations. As a temporary solution, we are removing the Pending column from the page until a permanent fix can be deployed.
To view if a domain has pending validations, in the left main menu, go to Certificates > Domains. On the Domains page, locate the domain and click its Domain Name link. On the Domain details page, under Domain Validation, check to see if the domain has pending validations: OV and EV.
二月 28, 2020
CertCentral Services API: Improved rate limits
In the DigiCert Services API, we improved our requests rate limits. Now, we enforce a rate limit of 1000 requests per 5 minutes, along with a short-term rate limit of 100 requests per 5 seconds to protect against burst requests and prevent abuse*.
*Note: If the number of requests exceeds either rate limit, API access is temporarily blocked, and all requests return a 429 HTTP status code (request_limit_exceeded) with a "Service unavailable, please limit request volume" message.
For more information, see Rate limits.
二月 20, 2020
We fixed a bug in CertCentral where "hidden" organizations prevented certificate request forms from opening. To fix this issue, we no longer include hidden organizations in the list of available organizations on the certificate request forms.
What if I want to add a "hidden" organization to a certificate request?
To include a "hidden" organization in the list of available organizations on your certificate request forms, simply unhide it.
- In the left main menu, go to Certificates > Organizations.
- On the Organizations page, in the Hidden Organizations dropdown, select Show and then click Go.
- Click the organization, you want to unhide.
- On the Organization's detail page, click Unhide.
The next time you order a certificate, the organization will appear in the list of available organizations on the certificate request form.
Note: This change only affects the CertCentral user interface (UI). The API supports adding "hidden" organizations to your requests; you don’t need to unhide an organization to add it to a certificate request.
Legacy account upgrades to CertCentral
In the DigiCert Service API, we added a new endpoint—DigiCert order ID—to make it easier to find the corresponding DigiCert order IDs for your migrated legacy Symantec orders.
After you migrate your active, public SSL/TLS certificate orders to your new account, we assign a unique DigiCert order ID to each migrated legacy Symantec SSL/TLS certificate order.
Example request
GET https://www.digicert.com/services/v2/oem-migration/{{symc_order_id}}/order-id
Example response200 OK
For more information:
二月 7, 2020
In the DigiCert Services API, we added four new endpoints for ordering the new more flexible Basic and Secure Site SSL/TLS certificates. These more flexible SSL/TLS certificates make it easier to get the certificate to fit your needs and will replace the old Basic and Secure Site products.
Use these endpoints to place new orders and renewal orders only. They cannot be used to convert existing Basic or Secure Site certificate orders.
To activate any of these new certificates for your CertCentral account, contact your account manager or our Support team.
- Order Basic OV
POST https://www.digicert.com/services/v2/order/certificate/ssl_basic - Order Basic EV
POST https://www.digicert.com/services/v2/order/certificate/ssl_ev_basic - Order Secure Site OV
POST https://www.digicert.com/services/v2/order/certificate/ssl_securesite_flex - Order Secure Site EV
POST https://www.digicert.com/services/v2/order/certificate/ssl_ev_securesite_flex
Flexible OV and EV certificates
These certificates provide the encryption and authentication you've come to expect from DigiCert SSL/TLS certificates, while allowing you to build an OV or EV certificate with a mix of whatever domains and wildcard domains* are needed to fit your needs.
*Note: Industry standards support wildcard domains in OV SSL/TLS certificates only. EV SSL/TLS certificates don't support the use of wildcard domains.
一月 29, 2020
CertCentral Services API: Fixed Revoke certificate endpoint bug
In the DigiCert Services API, we fixed a bug in the Revoke certificate endpoint where the request to revoke a single certificate on an order was being submitted for all certificates on the order.
Note: After submitting your "single certificate" revocation request, we returned a 201 Created response with the request details to revoke all certificates on the order.
Now, when using the Revoke certificate endpoint to submit a request to revoke a single certificate on an order, we return a 201 Created response with the request details to revoke just that certificate on the order.
30-day money back guarantee
The Revoke certificate endpoint revokes a certificate on the order and not the order itself. Our 30-day money back guarantee is tied to an order and not a "certificate" on the order. To get the 30-day money back guarantee, you need to revoke the order within the first 30 days; see Revoke order certificates.
Certificate revocation process
All revocation requests, including those made via the Services API, must be approved by an administrator before DigiCert will revoke the certificate. This approval step is required and cannot be skipped or removed from the certificate revocation process.
- Revoke certificate: use this endpoint to revoke a single certificate on an order*.
- Revoke order certificates: use this endpoint to revoke all certificates on an order.
- Update request status: use this endpoint to approve a certificate revocation request.
*What you need to know about the revoke certificate endpoint
This endpoint is designed to revoke a certificate on an order; it doesn't revoke a certificate order.
If you revoke a certificate on an order with only a single certificate:
- The order is still active
- No refund is provided for the revoked certificate
- You can still reissue a certificate on that order
If you don't plan to reissue a certificate for the order, use the Revoke order certificates endpoint to revoke the order.
一月 17, 2020
CertCentral Services API: Improved Submit for validation endpoint
In the DigiCert Services API, we updated the Submit for validation endpoint, enabling you to submit a domain for revalidation before it expires. Now, you can submit a domain for revalidation at any time, enabling you to complete the domain’s validation early and maintain seamless certificate issuance for the domain.
Note: If you order a certificate for the domain while the domain's revalidation is in a pending state, we use the domain's current validation to issue the certificate.
New request parameter: dcv_method
We also added a new request parameter, dcv_method*. Now, when you submit a domain for validation, you can change the DCV method used to prove control over the domain.
*Note: This new parameter is optional. If you leave the new parameter out of your request, we return a 204 response with no content. You will need to use the same DCV method used before to prove control over the domain.
Example request with new parameter
POST https://www.digicert.com/services/v2/domain/{{domain_id}}/validation
Example response when new parameter is included in the request
201 Created
一月 14, 2020
CertCentral Services API: Improved order endpoints:
In the DigiCert Services API, we added an "organization ID" response parameter to the endpoints listed below. Now, when you add a new organization in your certificate request, we return the organization's ID in the response, enabling you to use the organization immediately in your certificate requests.
Previously, after adding a new organization in your certificate request, you had to make an additional call to get the new organization's organization ID: Order info.
Updated order endpoints:
- Order SSL (type_hint)
- Order OV/EV SSL
- Order Secure Site SSL
- Order Secure Site Pro SSL
- Order Secure Site Pro EV SSL
- Order Private SSL
- Order client certificate
- Order code signing certificate
- Order document signing certificate
Example response with new organization ID parameter
一月 9, 2020
11 SUPPORTED LANGUAGES IN THE DOC AND DEVELOPERS PORTALS
As we work to globalize our product offerings and make our websites, platforms, and documentation more accessible, we are happy to announce that we've added language support to the Document and Developers portals.
We now support these 11 languages:
- English
- Chinese (Simplified)
- Chinese (Traditional)
- French
- German
- Italian
- Japanese
- Korean
- Portuguese
- Russian
- Spanish
How does language support work?
When you visit the portals, use the language selector (globe icon) to change the portal display language. We save your language selection for 30 days so you don't need to reselect it every time you visit our documentation site.
TIPS AND TRICKS
Access Doc and Developer portals
You can access the Document and Developers portals from the DigiCert website and CertCentral.
- From digicert.com
In the top menu, hover over Support. Under Resources, you can find Documentation and API Documentation links. - From CertCentral
In the Help menu, select Getting Started.
On the API Keys page, click API Documentation. (In the left main menu, go to Automation > API Keys).
Create links within documentation
You can link to sections within the documentation.
On the documentation page, hover on the subheader you want to link to and click the hashtag icon (#). This creates a URL in the browser's address bar.
Use this feature to bookmark or link to specific sections in the instructions.
一月 7, 2020
CertCentral Services API: Improved order Document Signing - Organization (2000) and (5000) endpoints:
In the DigiCert Services API, we updated the Order document signing certificate endpoints for ordering Document Signing - Organization (2000) and (5000) certificates. We added a new parameter, "use_org_as_common_name": true, enabling you to use the organization name as the common name on the certificate.
Note: Previously, your only option was to use the person's full name as the common name on your document signing organization certificates.
Now, if you want to use the organization name as the common name on your document signing organization certificate, add the "use_org_as_common_name": true parameter to your certificate request. When we issue your certificate, the organization name will be the common name on the certificate.
- Document Signing - Organization (2000) endpoint: https://www.digicert.com/services/v2/order/certificate/document_signing_org_1
- Document Signing - Organization (5000) endpoint: https://www.digicert.com/services/v2/order/certificate/document_signing_org_2
Example request for Order document signing certificate endpoint
十二月 4, 2019
Improved client certificate process
We improved the client certificate process, enabling you to cancel client certificate orders in an Emailed to Recipient state—orders that are waiting for the email recipient to generate and install the client certificate in one of the supported browsers.
Note: Previously, when a client certificate was in an Emailed to Recipient state, you had to contact support to cancel the order.
Now, if you need to cancel a client certificate order in the Emailed to Recipient state, go to the client certificate's Order details page and in the Certificate Actions dropdown list, select Cancel Order. See Cancel pending client certificate orders.
CertCentral Services API: Improved client certificate process
In the DigiCert Services API, we updated the Update order status endpoint enabling you to cancel client certificate orders in a waiting_pickup state—orders that are waiting for the email recipient to generate and install the client certificate in one of the supported browsers.
Note: Previously, when a client certificate was in a waiting_pickup state, you received a forbidden error and had to contact support to cancel the order.
Now, you can use the Update order status endpoint to cancel a client certificate order in the waiting_pickup state.
十一月 13, 2019
In the DigiCert Services API, we added a new endpoint – Additional emails. This endpoint allows you to update the email addresses that receive certificate notification emails for the order (e.g., certificate renewals, reissues, and duplicate orders).
Note: These people can't manage the order. They only receive certificate related emails.
For more information on the Services API, see our Developers portal.
十一月 8, 2019
We are happy to announce a new addition to the DigiCert Developers portal—Discovery API. We just published our first set of Discovery API endpoints. More will follow as we continue to build out the Discovery API documentation.
Why use it?
- Access Discovery features without signing into your CertCentral account.
- Customize the Discovery experience to meet the needs of your organization.
- Integrate with your existing tools.
Sample of endpoints you can start using now:
- List endpoints
- View endpoint rating
- List certificates
- View certificate details
- View certificate rating
- Download certificate
Tips and Tricks
- Discovery API uses this base URL:
https://daas.digicert.com/apicontroller/v1/ - Discovery API requires admin or manager level permissions.
十月 21, 2019
In our CertCentral API, we added a new Custom Reports API that leverages the powerful GraphQL query language, enabling you to generate comprehensive and customizable data sets for more robust reporting.
Custom Reports API consolidates multiple REST endpoints into a single one, so you can better define the types and fields in your queries so they return only the information needed. Additionally, use it to create reusable query templates for generating and scheduling reports.
To learn more, see Custom Reports API in our Developers portal.
九月 9, 2019
We added two new features to the Expiring Certificates page (in the sidebar, click Certificates > Expiring Certificates), making it easier to manage renewal notifications for your expiring certificates.
First, we added a Renewal Notices column with an interactive check box. Use this check box to enable or disable renewal notices for an expiring certificate.
Second, we added two Renewal Notices filters: Disabled and Enabled. These filters allow you to see only the certificate orders with renewal notices enabled or disabled.
In the DigiCert Services API, we updated the List keys and Get key info endpoints response parameters, enabling you to see the organization associated with your ACME certificate orders.
Now, when you call the List keys and Get key info endpoints, we return the name of the organization (organization_name) associated with the ACME certificate order in the response.
八月 27, 2019
In the DigiCert Services API, we added two new Order info endpoints. Now, you can use the order ID, the certificate's serial number, or the certificate's thumbprint to view the details for a certificate order.
- GET https://www.digicert.com/services/v2/order/certificate/{{thumbprint}}
- GET https://www.digicert.com/services/v2/order/certificate/{{serial_number}}
Currently, these new endpoints only retrieve data for the primary certificate. For more information on the Services API, see our Developers portal.
PQC dockerized toolkit guide available now
Secure Site Pro Secure Site Pro certificates come with access to the DigiCert post-quantum cryptographic (PQC) toolkit. To create your own PQC test environment, use one of these options:
- Download the ISARA PQC toolkit and build your own OpenSSL test environment. See our PQC toolkit setup guide.
- Download the Docker support files and quickly spin up a Docker test environment. See our PQC dockerized toolkit guide.
Our toolkits contain what you need to create a hybrid SSL/TLS certificate. The hybrid certificate in the toolkits uses a PQC algorithm paired with an ECC algorithm allowing you to test the feasibility of hosting a post-quantum, backwards compatible hybrid certificate on your website.
Note: To access your PQC toolkit, go to your Secure Site Pro Certificate's Order # details page. (In the sidebar menu, click Certificates > Orders. On the Orders page, click the order number link for your Secure Site Pro certificate. On the certificate's order details page, click PQC toolkit.)
To learn more about post-quantum cryptography, see Post-Quantum Cryptography. To learn more about what's included with each Secure Site Pro certificate, see Pro TLS/SSL Certificates.
DigiCert is happy to announce we made it easier for DigiCert Accounts using the Retail API to upgrade to our new Certificate Management Platform, DigiCert CertCentral—For free!
To make the upgrade as seamless as possible, we shimmed these Retail API endpoints:
- POST /order/ssl -> POST /services/v2/order/certificate/ssl
- REISSUE /order/{order_id} -> POST /services/v2/order/certificate/{order_id}/reissue
- POST /order/code -> POST /services/v2/order/certificate/code_signing
Now, you can upgrade your DigiCert Account without any interruptions to your API integrations. Once you're upgraded, make plans to build new integrations with CertCentral.
- For more information on the CertCentral Services API, see our Developers portal.
For information about the DigiCert Retail API, see Documentation for the DigiCert Retail API.
七月 30, 2019
我们改进了 ACME 协议,增加了对 Signed HTTP Exchange 证书配置文件选项的支持。现在,您可以使用 ACME 客户端订购包括 CanSignHttpExchanges 扩展名的 OV 和 EV SSL/TLS 证书。
先为您的 Signed HTTP Exchange 证书创建 ACME 目录 URL。然后使用 ACME 客户端颁发和安装具有 CanSignHttpExchanges 扩展名的证书。
请参阅用于 Signed HTTP Exchange 证书的 ACME 目录 URL 和 ACME 用户指南。
背景
Signed HTTP Exchange 证书配置文件用于解决 AMP URL 显示问题,即,在地址栏中不显示您的品牌。请参阅使用 Signed Exchange 优化 AMP URL 显示和获取 Signed HTTP Exchange 证书。
该配置文件选项允许在 OV 和 EV SSL/TLS 证书中包括 CanSignHttpExchanges 扩展名。一旦为您的帐户启用,在证书中包括 CanSignHttpExchanges 扩展名选项将显示在添加 ACME 目录 URL 表单中
要为您的帐户启用该证书配置文件,请联系您的客户经理或联系我们的支持团队。
我们更新了“帐户访问权限”页面上的 ACME 目录 URL 列表中的信息图标,以帮助您快速识别包括证书配置文件选项的证书(例如,Signed HTTP Exchange)。
在侧栏菜单中,单击帐户 > 帐户访问权限。在帐户访问权限页面的 ACME 目录 URL 部分,单击信息图标可查看关于可以通过 ACME 目录 URL 订购的证书的详细信息。
在 DigiCert 服务 API 中,我们改进了列出密钥端点响应参数,您可以查看 ACME 目录 URL。现在,当您调用列出密钥端点时,我们在响应中返回 ACME URL (acme_urls) 以及 API 密钥 (api_keys) 信息。
七月 18, 2019
在 DigiCert 服务 API 中,我们更新了列出补发端点响应参数,您可以在补发的订单上看到接收者 ID、购买的域的数量以及购买的通配符域的数量。
现在,我们将根据情况在补发证书的订单详细信息中返回这些响应参数:
- receipt_id
- purchased_dns_names
- purchased_wildcard_names
七月 15, 2019
七月 10, 2019
七月 2, 2019
我们改进了与 CertCentral 集成的 SAML 单一登录 (SSO) 的用户邀请工作流,您可以在发送帐户用户邀请之前指定被邀请者作为仅 SSO 用户。现在,在邀请新用户弹窗中,使用仅 SAML 单一登录 (SSO) 选项限制被邀请者为仅 SAML SSO。
注意:此选项为这些用户禁用所有其他身份验证方式。而且,仅当您为 CertCentral 帐户启用 SAML 时,此选项才显示。
(在侧栏菜单中,单击帐户 > 用户邀请。在“用户邀请”页面上,单击邀请新用户。请参阅 SAML SSO:邀请用户加入帐户。)
简化的注册表
我们还简化了仅 SSO 用户注册表,删除了密码和安全问题要求。现在,仅 SSO 被邀请者需仅添加他们的个人信息。
我们添加了发现的即将到期的证书,您可以更容易地从帐户中的 CertCentral 仪表板中看到 Discovery 证书扫描结果,证书颁发机构,和按等级分析证书小工具。
每个小工具都包含一个交互式图表,您可以通过钻取以轻松找到有关即将到期的证书的更多信息(例如,哪些证书将在 8 至 15 天内到期)、每个证书颁发机构(例如,DigiCert)颁发的证书以及各安全性等级(例如,不安全)的证书。
有关 Discovery 的更多信息
Discovery 使用传感器扫描您的网络。扫描在您的 CertCentral 帐户内集中配置和管理。
- 要对您的 CertCentral 帐户启用 Discovery,请联系您的客户经理或我们的支持团队。
- 有关设置和运行 Discovery 的信息,请参阅 Discovery:安装传感器并运行扫描。
在 DigiCert 服务 API 中,我们更新了订单信息端点,您可以查看请求证书的方式。对于通过服务 API 或 ACME 目录 URL 请求的证书,我们返回新的响应参数:api_key. 该参数包括密钥名称以及密钥类型:API 或 ACME。
注意:对于通过其他方式(例如,CertCentral 帐户、来宾请求 URL 等)请求的订单,在响应中忽略 api_key 参数。
现在,在查看订单详细信息时,对于通过 API 或 ACME 目录 URL 请求的订单,您将在响应中看到新的 api_key 参数:
GET https://dev.digicert.com/services-api/order/certificate/{order_id}
响应:
我们在“订单”页面新增了一个搜索筛选器 - 请求方式,您可以搜索通过特定 API 密钥或 ACME 目录 URL 请求的证书订单。
现在,在“订单”页面上,使用请求方式筛选器查找通过特定 API 密钥或 ACME 目录 URL 请求的有效、已到期、已吊销、被拒绝、等待补发、待处理和副本证书。
(在侧栏菜单中,单击证书 > 订单。在“订单”页面上,单击显示高级搜索。然后,在请求方式下拉列表中,选择 API 密钥或 ACME 目录 URL 名称或在框中键入其名称。)
七月 1, 2019
我们改进了 Basic 和 Secure Site 单域证书组合(Standard SSL、EV SSL、Secure Site SSL 和 Secure Site EV SSL),将在证书中同时包括[your-domain].com 和 www.[your-domain].com 选项添加到这些证书的订购、补发和副本表单中。该选项可用于选择是否在这些单域证书中免费包括两个版本的公用名 (FQDN)。
![在证书中同时包括[your-domain].com 和 www.[your-domain].com](https://docs.digicert.com/media/images/opt-out-plus-feature-check-box-1.original.png){kind=link}
- 要获取两个版本的公用名 (FQDN),请选中在证书中同时包括[your-domain].com 和 www.[your-domain].com。
- 要仅获取公用名 (FQDN),请取消选中在证书中同时包括[your-domain].com 和 www.[your-domain].com。
请参阅订购 SSL/TLS 证书。
子域同上
该新选项可用于同时获取基域和子域版本。现在,要获取两个版本的子域,请将该子域添加到公用名框 (sub.domain.com),然后选中在证书中同时包括[your-domain].com 和 www.[your-domain].com。当 DigiCert 颁发您的证书时,它将在证书上包括两个版本的子域:[sub.domain].com 和 www.[sub.doman].com。
删除为子域使用 Plus 功能
在证书中同时包括[your-domain].com 和 www.[your-domain].com 选项将使 Plus 功能 - 为子域使用 Plus 功能失效。因此,我们从“分区首选项”页面上移除了该选项(在侧栏菜单中,单击设置 > 首选项)。
在 DigiCert 服务 API 中,我们更新了订购 OV/EV SSL,订购 SSL (type_hint),订购 Secure Site SSL,订购 Private SSL,补发证书,和副本证书端点,如下所列。这些更改使您在请求、补发和重复单域证书时拥有更大的控制权,可选择是否在这些单域证书上免费包括特定的附加 SAN。
- /ssl_plus
- /ssl_ev_plus
- /ssl_securesite
- /ssl_ev_securesite
- /private_ssl_plus
- /ssl*
- /reissue
- /duplicate
*注意:对于订购 SSL (type_hint) 端点,仅使用下面描述的 dns_names[] 参数添加免费 SAN。
要获取域的两个版本([your-domain].com 和 www.[your-domain].com),在您的请求中使用 common_name 参数添加域 ([your-domain].com),使用 dns_names[] 参数添加域的另一个版本 (www.[your-domain].com)。
当 DigiCert 颁发您的证书时,它将保护域的两个版本。
要仅获取公用名 (FQDN),忽略请求中的 dns_names[] 参数即可。
六月 12, 2019
四月 16, 2019
我们更新了 CertCentral 帮助菜单和“帐户访问权限”页面上指向新文档门户的文档链接。
现在,在 CertCentral 帮助菜单中,,当您单击入门指南时,,会跳转到新的 DigiCert 文档门户。同样,当您单击变更日志时,,会跳转到改进的变更日志页面。现在,在帐户访问权限页面上(在侧栏菜单中,单击帐户 > 帐户访问权限),当您单击 API 文档时,,会跳转到新的 DigiCert 开发人员门户。
四月 2, 2019
我们很高兴宣布推出新的 DigiCert 文档门户。该新网站采用现代风格的外观和风格,包含优化的、基于任务的帮助文档、产品新闻、变更日志以及 API 开发人员文档。
我们还很高兴地宣布,新的 DigiCert 开发人员门户已经完成测试。该开发人员网站采用现代风格的外观和风格,包含关于可用端点、用例和工作流的信息。
提示和技巧
- 您可以访问文档门户 www.digicert.com,位于顶部菜单的支持下(单击支持 > 文档)。
- 在我们文档中,将鼠标悬停在副标题上,单击标签图标。这会在浏览器的地址栏中创建一个 URL,您可以添加书签或链接至说明的特定部分。
即将推出
入门指南将包含有用信息以帮助您熟悉您的帐户中的功能。
三月 18, 2019
我们修复了组织单位 (OU) 条目字符限制错误,以前我们限制具有多个 OU 的 SSL/TLS 证书请求的 OU 条目字符总长度不得超过 64 个字符,而不是限制每个 OU 条目的字符长度。当管理员试图批准请求时,他们会错误地收到"组织单位必须少于 64 个字符才符合行业标准"的错误消息。
注意:该错误仅影响需要管理员审批的请求。
现在,当管理员批准具有多个 OU 的 SSL/TLS 证书请求时(每个条目在 64 个字符长度的标准限制内),该请求会如期提交给 DigiCert。
合规性备注:行业标准规定每个组织单位条目的字符长度限制为 64 个字符。但是,当您向订单添加多个 OU 时,每个 OU 分开计算,而不是合并在一起计算。请参阅公众信任的证书 - 违反行业标准的数据条目。
我们修复了证书请求上无法编辑为请求/证书分配的分区的错误。
注意:颁发证书后,您可以进入其订单编号详细信息页面,编辑为证书分配的分区。
现在,当您编辑证书请求时,可以更改为请求/证书分配的分区。
三月 12, 2019
三月 5, 2019
我们修复了 DV 证书补发错误,以前对于还剩一年以上时间才到期的证书,我们不会保留原始证书订单上的到期日期。
现在,当您补发还剩一年以上时间才到期的 DV 证书时,补发的证书将保留原始证书上的到期日期。
在 DigiCert 服务 API 中,我们改进了 DV 证书请求端点,您可以更准确地使用新的 email_domain 字段以及现有的 email 字段设定域控制验证 (DCV) 电子邮件的目标接收人。
例如,为 my.example.com 订购证书时,您可以要求基域 (example.com) 的域所有者验证子域。要更改 DV 电子邮件的接收人,请在您的 DV 证书请求中添加 dcv_emails 参数。然后添加 email_domain 字段指定基域 (example.com),添加 email 字段指定所需 DCV 电子邮件接收人的电子邮件地址 (admin@example.com)。
DV 证书端点:
- GeoTrust Standard DV -- https://www.digicert.com/services/v2/order/certificate/ssl_dv_geotrust
- GeoTrust Wildcard DV -- https://www.digicert.com/services/v2/order/certificate/wildcard_dv_geotrust
- RapidSSL Standard DV -- https://www.digicert.com/services/v2/order/certificate/ssl_dv_rapidssl
- RapidSSL Wildcard DV -- https://www.digicert.com/services/v2/order/certificate/wildcard_dv_rapidssl
二月 26, 2019
我们改进了 DigiCert 服务 API 请求端点,使证书请求可以更快地获得响应。
我们简化了 OV 证书订单(Standard SSL、Secure Site SSL 等)的添加联系人流程。现在,当您订购 OV 证书时,我们为您填充组织联系人卡。如果需要,您可以添加技术联系人。
- 在添加包括您的帐户中的现有组织的 CSR 时,我们使用分配给该组织的联系人信息填充组织联系人卡。
- 手动添加现有组织时,我们使用分配给该组织的联系人信息填充组织联系人卡。
- 添加新组织时,我们使用您的联系人信息填充组织联系人卡。
要使用其他组织联系人,请删除自动填充的组织联系人并手动添加。
我们简化了 EV 证书订单(EV SSL、Secure Site EV SSL 等)的添加联系人流程。现在,当您订购 EV 证书时,如果在您的帐户中有可用的已验证的 EV 联系人信息,我们将为您填充已验证的联系人卡。如果需要,您可以添加组织和技术联系人。
- 在添加包括您的帐户中的现有组织的 CSR 时,我们使用分配给该组织的已验证的 EV 联系人信息填充已验证的联系人卡。
- 手动添加现有组织时,我们使用分配给该组织的已验证的 EV 联系人信息填充已验证的联系人卡。
向组织分配已验证的联系人不是添加组织的先决条件。在有些情况下,可能没有对组织可用的已验证的联系人信息。此时可手动添加已验证的联系人。
二月 13, 2019
我们添加了两个新端点,您可以使用 order_id 下载该订单的当前有效证书。
这些端点只能用于获取订单的最近补发的证书。这些端点不能用于下载副本证书。
- GET https://www.digicert.com/services/v2/certificate/download/order/{{order_id}}
- GET https://www.digicert.com/services/v2/certificate/download/order/{{order_id}}/format/{{format_type}}
副本证书备注
要下载订单的副本证书,请先使用列出订单副本端点,以获取副本证书的 certificate_id - GET https://www.digicert.com/services/v2/order/certificate/{{order_id}}/duplicate。
然后使用获取证书端点下载副本证书 - GET https://www.digicert.com/services/v2/certificate/{{certificate_id}}/download/platform。
补发证书备注
要下载过去的补发证书(非最新补发),请先使用列出订单补发端点获取补发证书的 certificate_id - GET https://www.digicert.com/services/v2/order/certificate/{{order_id}}/reissue。
然后使用获取证书端点下载补发证书 - GET https://www.digicert.com/services/v2/certificate/{{certificate_id}}/download/platform。
API 文档说明
有关 DigiCert 服务 API 中可用的这些端点以及其他端点的更多信息,请参阅 CertCentral API。
十二月 17, 2018
我们改进了 RapidSSL DV 证书组合,您可以在这些单域证书中包括第二个特定域。
- RapidSSL Standard DV
现在在订购 RapidSSL Standard DV 证书时,您将默认获得证书中的两个公用名版本 -[your-domain].com 和 www.[your-domain].com。
输入公用名后,确保选中在证书中同时包括 www.[your-domain].com 和[your-domain].com 框。
以前,您必须分别订购单独的证书:[your-domain].com 和 www.[your-domain].com。 - RapidSSL Wildcard DV
现在在订购 RapidSSL Wildcard DV 证书时,您将默认获得证书中的通配符域和基域 - *.[your-domain].com 和[your-domain].com。
输入公用名后,确保选中在证书中同时包括 *.[your-domain].com 和[your-domain].com 框。
以前,您必须分别订购单独的证书:*.[your-domain].com 和[your-domain].com。
我们改进了 RapidSSL 证书端点以包括 dns_names 参数,您可以在这些单域证书中包括第二个特定域。
- RapidSSL Standard DV
现在在订购 RapidSSL Standard DV 证书时,您可以在证书中包括两个域版本 -[your-domain].com 和 www.[your-domain].com。"common_name": "[your-domain].com",
"dns_names":["www.[your-domain].com"],
以前,您必须订购单独的证书:[your-domain].com 和 www.[your-domain].com。 - RapidSSL Wildcard DV
现在在订购 RapidSSL Wildcard DV 证书时,您可以在证书中包括基域 - *.[your-domain].com 和[your-domain].com)。"common_name": "*.your-domain.com",
"dns_names":["[your-domain].com"],
以前,您必须订购单独的证书:*.[your-domain].com 和[your-domain].com。
有关 DigiCert 服务 API 文件,请参阅 CertCentral API。
个人文档签名证书在 CertCentral 中可用:
- 文档签名 - 个人 (500)
- 文档签名 - 个人 (2000)
要对您的 CertCentral 帐户启用个人文档签名证书,请联系您的销售代表。
以前只提供组织文档签名证书。
- 文档签名 - 组织 (2000)
- 文档签名 - 组织 (5000)
欲了解有关这些证书的更多信息,请参阅文档签名证书。
十二月 3, 2018
我们改进了 SSL/TLS 和客户端证书产品组合,您在订购其中一种证书时可以设置自定义有效期(天)。以前,您只能选择自定义到期日期。
自定义有效期从我们颁发证书之日开始计算。证书价格按自定义证书期限按比例计算。
注意:自定义证书有效期不得超出行业针对该证书规定的最高允许生命周期期限。例如,您不能为 SSL/TLS 证书设置 900 天有效期。
我们改进了 SSL/TLS 证书和客户端证书端点,以包括一个允许设置证书有效天数的新 validity_days 参数。
参数优先性备注:如果您的请求中包括多个证书有效期参数,我们在该订单中的证书有效期参数优先顺序为:custom_expiration_date > validity_days > validity_years。
有关 DigiCert 服务 API 文件,请参阅 CertCentral API。
我们新增了订单管理 - 列出订单补发 API 端点,您可以查看证书订单的所有补发证书。请参阅列出订单补发端点。
十月 6, 2017
十月 3, 2017
在证书请求 API 端点中增加了新中间证书颁发功能。请参阅 CertCentral 中间证书颁发功能。
九月 26, 2017
在"帮助" (?) 下拉菜单中包括了新功能;增加了新变更记录页面的链接。