篩選依據: DV SSL certificates x 清除
enhancement

CertCentral Services API: Auto-reissue support for Multi-year Plans

We are happy to announce that the CertCentral Services API now supports automatic certificate reissue requests (auto-reissue) for Multi-year Plans. The auto-reissue feature makes it easier to maintain SSL/TLS coverage on your Multi-year Plans.

You can enable auto-reissue for individual orders in your CertCentral account. When auto-reissue is enabled, we automatically create and submit a certificate reissue request 30 days before the most recently issued certificate on the order expires.

Enable auto-reissue for a new order

To give you control over the auto-reissue setting for new Multi-year Plans, we added a new request parameter to the endpoints for ordering DV, OV, and EV TLS/SSL certificates: auto_reissue.

By default, auto-reissue is disabled for all orders. To enable auto-reissue when you request a new Multi-year Plan, set the value of the auto_reissue parameter to 1 in the body of your request.

Example request body:

Example order request body with auto reissue enabled

Note: In new order requests, we ignore the auto_reissue parameter if:

  • The product does not support Multi-year Plans.
  • Multi-year Plans are disabled for the account.

Update auto-reissue setting for existing orders

To give you control over the auto-reissue setting for existing Multi-year Plans, we added a new endpoint: Update auto-reissue settings. Use this endpoint to enable or disable the auto-reissue setting for an order.

Get auto-reissue setting for an existing order

To help you track the auto-reissue setting for existing certificate orders, we added a new response parameter to the Order info endpoint: auto_reissue. The auto_reissue parameter returns the current auto-reissue setting for the order.

new

ICA certificate chain selection for public DV flex certificates

We are happy to announce that select public DV certificates now support Intermediate CA certificate chain selection:

  • GeoTrust DV SSL
  • Thawte SSL 123 DV
  • RapidSSL Standard DV
  • RapidSSL Wildcard DV
  • Encryption Everywhere DV

You can add a feature to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues the end-entity certificate when you order these public DV products.

This feature allows you to:

  • Set the default ICA certificate chain for each supported public DV certificate.
  • Control which ICA certificate chains certificate requestors can use to issue their DV certificate.

Configure ICA certificate chain selection

To enable ICA selection for your account:

  1. Contact your account manager or our Support team.
  2. Then, in your CertCentral account, in the left main menu, go to Settings > Product Settings.
  3. On the Product Settings page, configure the default and allowed intermediates for each supported and available DV certificate.

For more information and step-by-step instructions, see the Configure the ICA certificate chain feature for your public TLS certificates.

new

DigiCert Services API: DV certificate support for ICA certificate chain selection

In the DigiCert Services API, we made the following updates to support ICA selection in your DV certificate order requests:

Pass in the issuing ICA certificate's ID as the value for the ca_cert_id parameter in your order request's body.

Example DV certificate request:

Example DV TLS certificate request

For more information about using ICA selection in your API integrations, see DV certificate lifecycle – Optional ICA selection.

new

CertCentral Services API:文件更新

我們新增了新的要求參數到 DV 憑證訂單的 CertCentral Services API 文件中。use_auth_key. 在有現有的驗證密鑰的帳戶中,此參數允許您在下 DV 憑證訂單時,選擇是否檢查您的驗證密鑰要求令牌的 DNS 記錄。

根據預設值,如果存在您的帳戶的驗證密鑰,您必須在訂購 DV 憑證前,新增驗證密鑰要求令牌到您的 DNS 記錄中。驗證密鑰要求令牌可以立刻發行憑證,減少您在憑證生命周期管理上花費的時間。但有時候您可能需要使用電郵驗證或 DigiCert 產生的令牌確認有網域的控制權。在這些情況中,use_auth_key 參數允許您停止檢查訂單層級的驗證密鑰要求令牌,因此您可以使用其他方法證明有網域的控制權。如需更多有關網域控制驗證 (DCV) 的資訊,請參閱網域控制驗證 (DCV) 方法

若要停用 DV 憑證訂單的驗證密鑰驗證方法,憑證訂單的驗證密鑰驗證方法,請在要求的 JSON 負載中加入 use_auth_key 參數。例如:

use_auth_key sample

以下的端點支援 use_auth_key 參數:

如需更多有關使用驗證密鑰進行立刻發行 DV 憑證的資訊,請參閱立刻發行 DV 憑證

註:use_auth_key 參數在針對 Encryption Everywhere DV 憑證的要求中遭到忽略。所有針對 Encryption Everywhere DV 憑證的要求都需要 DCV 的驗證密鑰要求令牌。此外,OV 和 EV SSL 產品不支援 use_auth_key 要求參數。

enhancement

CertCentral:自動 DCV 檢查 – DCV 輪詢

我們很榮幸宣佈我們已改進了網域控制驗證 (DCV) 程序,並新增了 DNS TXT、DNS CNAME 和 HTTP 現實論證 (檔案驗證) DCV 方法的自動檢查。

這表示,您將 fileauth.txt 檔案放到您的網域上,或新增隨機值到您的 DNS TXT 或 DNS CNAME 記錄後,您不需要擔心登入 CertCentral 以自行執行檢查。我們將自動執行 DCV 檢查。雖然您仍可以在需要時執行手動檢查。

DCV 輪詢步調

在提交您的公用 SSL/TLS 憑證訂單、提交網域進行預先驗證或變更網域的 DCV 方法後,DCV 輪詢會立刻開始並執行一星期。

  • 間隔 1 - 前 15 分鐘的每一分鐘
  • 間隔 2 - 每五分鐘,為期一小時
  • 間隔 3 - 每十五分鐘,為期四小時
  • 間隔 4 - 每一小時,為期一天
  • 間隔 5 - 每四小時,為期一周*

*在間隔 5 後,我們停止檢查。如果您在第一星期結束前尚未將 fileauth.txt 檔案放到您的網域上,或新增隨機值到您的 DNS TXT 或 DNS CNAME 記錄中,您需要自行執行檢查。

如需更多有關支援的 DCV 方法的資訊: