篩選依據: DV Certificates x 清除
enhancement

CertCentral Services API: Improved Revoke order certificates and Revoke certificate endpoints

In the DigiCert Services API, we updated the Revoke order certificates and Revoke certificate endpoints, enabling you to skip the approval step when revoking a certificate.

Note: Previously, the approval step was required and could not be skipped.

We added a new optional parameter, "skip_approval": true, that allows you to skip the approval step when submitting a request to revoke one certificate or all certificates on an order.

Note: For skip approvals to work for certificate revoke requests, the API key must have admin privileges. See Authentication.

Now, on your revoke certificate and revoke order certificate requests, you can skip the approval step and immediately submit the request to DigiCert for certificate revocation.

Example request for the revoke certificate and revoke order certificates endpoints

Example revoke certificate request with skip_approval parameter

fix

Bug fix: DV certificate issuance emails did not respect certificate format settings

We fixed a bug in the DV certificate issuance process where the Your certificate for your-domain email notification did not deliver the certificate in the format specified in your account settings.

Note: Previously, we included a certificate download link in all DV certificate issued email notifications.

Now, when we issue your DV certificate order, the email delivers the certificate in the format specified in your account's Certificate Format settings.

Configure certificate format for certificate issuance emails

In the left main menu, go to Settings > Preferences. On the Division Preferences page, expand Advance Settings. In the Certificate Format section, select the certificate format: attachment, plain text, or download link. Click Save Settings.

new

Discovery now available in all CertCentral accounts

We are happy to announce that all existing CertCentral accounts now include Discovery, our newest and most robust certificate discovery tool.

Note: For those who were using Certificate Inspector, Discovery replaces our long time DigiCert tool, Certificate Inspector.

By default, Discovery includes Cloud scan and a Sensor scan trial with a 100-certificate limit.

Cloud scan

Cloud scan uses a cloud-based sensor, so there is nothing to install or manage. You can start scanning immediately to find all your public facing SSL/TLS certificates regardless of issuing Certificate Authority (CA). Cloud-scan runs once every 24 hours.

Sensor scan

Sensor scan is our most robust version of Discovery. It uses sensors to scan your network to quickly find all your internal and public facing SSL/TLS certificates regardless of the issuing Certificate Authority (CA). Discovery also identifies problems in certificate configurations and implementations along with certificate-related vulnerabilities or problems in your endpoint configurations.

Scans are centrally configured and managed from inside your CertCentral account. Scan results are displayed in an intuitive and interactive dashboard inside CertCentral. Configure scans to run once or multiple times on a set schedule.

  • To learn how to install a sensor and start scanning your SSL/TLS certificate landscape, see Discovery user guide.
  • To continue to use Sensor scan after the trial period is over, please contact your account manager or our Support team.
new

Discovery audit logs

Discovery has added a new feature—Discovery Audit Logs—allowing you to track Discovery-related activities in your CertCentral account. These audit logs provide insight into user activity enabling you to see areas where training may be required, reconstruct events to troubleshoot problems, detect misuse, and discover problem areas.

To make it easier to sort through the information in the Discover audit logs, we've include several filters:

  • Date range
  • Division
  • User
  • IP Address
  • Actions
    (e.g., void sensor, delete scan, etc.)

To access the Discovery Audit Log, in your CertCentral account, in the left main menu, go to Account > Audit Logs. On the Audit Logs page, click Discovery Audit Logs.

new

Discovery language support

As we work to globalize our product offerings and make our websites, platforms, and documentation more accessible, we are happy to announce that we've added language support to Discovery in CertCentral.

Now, when configuring your language preference in CertCentral, Discovery is included in the configuration.

To configure your language preference

In your account, in the top right corner, in the "your name" drop-down list, select My Profile. On the Profile Settings page, in the Language dropdown, select a language and click Save Changes.

See CertCentral language preferences.

fix

Bug fix: DV certificate orders did not honor Submit base domains for validation account setting

We fixed a bug in the DV certificate domain control validation (DCV) process where DV certificate orders did not adhere to the Submit base domains for validation account setting.

Note: For DV certificate orders, you were required to validate the domain exactly as named in the order.

Now, DV certificate orders honor the Submit base domains for validation account setting, allowing you to validate your subdomains at the base domain level on your DV certificate orders.

To view the Domain Validation Scope settings in your account, go to Settings > Preferences. On the Division preferences page, expand +Advanced Settings. The Domain Validation Scope settings are in the Domain Control Validation (DCV) section.

fix

Bug fix: DV certificate not attached to email notification

We fixed a bug in the DV certificate issuance process where we weren't attaching a copy of the DV certificate to the Your certificate for your-domain email notification. As a temporary fix to this issue, we now include a certificate download link in the DV certificate email notification.

Note: After DigiCert issues a certificate, it is immediately available in your CertCentral account.

To use the download link in the email, you must have access to the CertCentral account and have permissions to access the certificate order.

If an email recipient doesn't have access to the account or to the certificate order, you can email them a copy of the DV certificate from your CertCentral account. See our instructions for how to email a DV certificate from your CertCentral account.

enhancement

Legacy partner account upgrades to CertCentral

In the DigiCert Service API, we updated the—DigiCert order ID—to make it easier to find the corresponding DigiCert order IDs for your migrated legacy GeoTrust TLS/SSL certificate orders.

Now, you can use the GeoTrust order ID* to access the DigiCert order ID for your GeoTrust certificate orders. Additionally, when using the GeoTrust order ID, we return the most current DigiCert certificate order ID.

*Note: In the legacy partner accounts, you only have access to the GeoTrust order ID for your GeoTrust TLS/SSL certificate orders.

Background

After you migrate your active, public SSL/TLS certificate orders to your new account, we assign a unique DigiCert order ID to each migrated legacy SSL/TLS certificate order.

For more information:

fix

我們修復了 DV 憑證重新發行漏洞,其中我們未注意到原始訂單上的有效日期,因為憑證直到到期剩下超過一年的時間。

現在,當您重新發行離到期還剩一年以上的 DV 憑證時,重新發行的憑證將保留原始憑證的截止有效日期。

enhancement

在 DigiCert Services API 中,我們改善了 DV 憑證要求端點,允許您使用新的 email_domain 欄位連同現有的 email 欄位,更準確的設定想要的網域控制驗證 (DCV) 電子郵件的收件人。

例如,在訂購用於 my.example.com 的憑證時,您可以請基礎網域 (example.com) 的網域擁有者驗證子網域。若要變更 DCV 電子郵件的電子郵件收件人,請在您的 DV 憑證要求中,新增 dcv_emails 參數。然後,新增指定基礎網域 (example.com) 的 email_domain 欄位,以及指定想要的 DCV 電子郵件收件人的電子郵件地址 (admin@example.com) 的 email 欄位。

要求 GeoTrust Standard DV 憑證的範例

DV 憑證端點:

enhancement

我們增強了我們的 DV 憑證方案。您現在可以續訂您的 DV 憑證訂單,允許您保留原始的訂單 ID。

之前,當 DV 憑證訂單接近其到期日時,您必須在即將到期的訂單上,訂購用於網域的新憑證。

註:DV 憑證不支援網域預先驗證。續訂 DV 憑證時,您必須證明您對續訂訂單上的網域擁有控制權。

DV 憑證註冊指南中,查看續訂 DV 憑證

enhancement

我們將 CertCentral DV 憑證註冊指南移動到 https://docs.digicert.com/certcentral/documentation/dv-certificate-enrollment/

PDF 版的指南仍可用 (請參閱在介紹頁面底部的連結)。

此外,我們還更新與新增指示,以涵蓋 CertCentral 中 DV 憑證的支援 DCV 方法。

  • 新增新的網域控制驗證 (DCV) 指示
    • 使用「電子郵件 DCV」方法。
    • 使用 DNS TXT DCV 方法。
    • 使用「檔案 DCV」方法。
    • 「檔案 DCV」方法一般錯誤。
  • 更新訂單 DCV 憑證指示
    • 訂購 RapidSSL Standard DV 憑證
    • 訂購 RapidSSL Wildcard DV 憑證
    • 訂購 GeoTrust Standard DV 憑證
    • Order a GeoTrust Wildcard DV 憑證
    • 訂購 GeoTrust Cloud DV 憑證
  • 更新重新發行 DV 憑證指示
    • 重新發行 RapidSSL Standard DV 憑證
    • 重新發行 RapidSSL Wildcard DV 憑證
    • 重新發行 GeoTrust Standard DV 憑證
    • 重新發行 GeoTrust Wildcard DV 憑證
    • 重新發行 GeoTrust Cloud DV 憑證
new

我們多新增兩個「網域控制驗證」(DCV) 方法到 DV 憑證訂單重新發行頁面中:DNS TXT 和檔案。

註:之前 (除非您正在使用 DigiCert Services API),您只能使用「電子郵件 DCV」方法,證明有您的 DV 憑證訂單上的網域的控制權。

現在,在訂購或重新發行 DV 憑證時,您可以選擇 DNS TXT、檔案或電子郵件作為 DCV 方法,以完成訂單的網域驗證。

new

我們新增了新的證明有網域的控制權功能到 DV 憑噔的訂單編號詳細資料頁面中。

之前,您無法採取任何行動在 DV 憑證的訂單編號詳細資料頁面上完成您的網域驗證。

現在,您可以採取更多行動完成訂單的網域驗證。

  • 使用 DNS TXT、電子郵件和檔案 DCV 方法
  • 重新傳送/傳送 DCV 電子郵件,然後選擇要傳送到哪一個電子郵件地址。
  • 確認您的網域的 DNS TXT 記錄
  • 確認您網域的 fileauth.txt 檔案
  • 選擇與訂購憑證時所選擇的不同 DCV 方法。

(在資訊看板功能表中,按一下憑證 > 訂單。在訂單頁面的 DV 憑證訂單的訂單編號欄中,按一下訂單編號。)

enhancement

我們增強了新增其他 DV 憑證資訊的 DV 憑證的訂單編號詳細資料頁面的憑證詳細資料區段。序號指紋.

註:此增強不可回溯。這些新資訊僅針對 2019 年 1 月 15 日 UTC 時間 17:00 後下的訂單出現。

(在資訊看板功能表中,按一下憑證 > 訂單。在訂單頁面的 DV 憑證訂單的訂單編號欄中,按一下訂單編號。)

enhancement

我們增強了取得訂單詳細資料端點,在回應中傳回 DV 憑證的指紋和序號。

{
"id":"12345",
"憑證":{
"id":123456,
"指紋":"{{指紋}}",
"serial_number":"{{serial_number}}
...
}

註:此增強不可回溯。僅傳回 2019 年 1 月 15 日 UTC 時間 17:00 後下的訂單的指紋和序號。

如需更多資訊,請參閱 DigiCert Services CertCentral API 文件 中的取得訂單詳細資料端點。

enhancement

我們增強了我們的 RapidSSL DV 憑證方案,讓您可以在這些單一網域憑證中,納入第二個非常特定的網域。

  • RapidSSL Standard DV
    現在根據預設值,在訂購 RapidSSL Standard DV 憑證時,您會得到憑證中兩個版本的一般名稱 —[your-domain].com 和 www.[your-domain].com。
    在輸入一般名稱後,確定勾選在憑證中納入 www.[your-domain].com 和[your-domain].com 方塊。
    之前,您必須分別訂購[your-domain].com 和 www.[your-domain].com 的憑證。
  • RapidSSL Wildcard DV
    現在根據預設值,在訂購 RapidSSL Wildcard DV 憑證時,您會得到憑證中的萬用字元網域和基礎網域 – *.[your-domain].com 和[your-domain].com。
    在輸入一般名稱後,確定勾選在憑證中納入 *.[your-domain].com 和[your-domain].com 方塊。
    之前,您必須分別訂購 *.[your-domain].com 和[your-domain].com 的憑證。

請參閱 CertCentral:DV 憑證註冊指南

enhancement

我們增強了 RapidSSL 憑證端點以納入 dns_names 參數,讓您可以在這些單一網域憑證中,納入第二個非常特定的網域。

  • RapidSSL Standard DV
    訂購 RapidSSL Standard DV 憑證時,您可在憑證中納入您的兩個版本的網域 — [your-domain].com 和 www.[your-domain].com。
    "common_name": "[your-domain].com",
    "dns_names":["www.[your-domain].com"],

    之前,您必須分別訂購[your-domain].com 和 www.[your-domain].com 的憑證。
  • RapidSSL Wildcard DV
    訂購 RapidSSL Wildcard DV 憑證時,您可在憑證中納入基礎網域 — *.[your-domain].com 和[your-domain].com)。
    "common_name": "*.your-domain.com",
    "dns_names":["[your-domain].com"],

    之前,您必須分別訂購 *.[your-domain].com 和[your-domain].com 的憑證。

關於 DigiCert Services API 文件,請參閱 CertCentral API

new

CertCentral 中提供可用的 Individual Document Signing 憑證:

  • Document Signing – Individual (500)
  • Document Signing – Individual (2000)

若要啟用使用於您的 CertCentral 帳戶的 Document Signing 憑證,請聯絡您的銷售代表。

之前,僅可以使用 Organization Document Signing (組織文件簽署) 憑證。

  • Document Signing – Organization (2000)
  • Document Signing – Organization (5000)

若要瞭解更多有關這些憑證的資訊,請參閱 Document Signing 憑證

enhancement

我們增強了訂單頁面上的訂單報告功能 (在資訊看板功能表中,按一下憑證 > 訂單)。現在當您執行報告時 (按一下訂單報告),將會納入您的 DV SSL 憑證訂單。

new

RapidSSL 和 GeoTrust DV 憑證在 CertCentral 中可用:

  • RapidSSL Standard DV
  • RapidSSL Wildcard DV
  • GeoTrust Standard DV
  • GeoTrust Wildcard DV

文件