CertCentral: DigiCert KeyGen, our new key generation service
DigiCert is happy to announce our new key generation service—KeyGen. Use KeyGen to generate and install your client and code signing certificates from your browser. KeyGen can be used on macOS and Windows and is supported by all major browsers.
With KeyGen, you don't need to generate a CSR to order your client and code signing certificates. Place your order without a CSR. Then after we process the order and your certificate is ready, DigiCert sends a "Generate your Certificate" email with instructions on using KeyGen to get your certificate.
How does KeyGen work?
KeyGen generates a keypair and then uses the public key to create a certificate signing request (CSR). KeyGen sends the CSR to DigiCert, and DigiCert sends the certificate back to KeyGen. Then KeyGen downloads a PKCS12 (.p12) file to your desktop that contains the certificate and the private key. The password you create during the certificate generation process protects the PKCS12 file. When you use the password to open the certificate file, the certificate gets installed in your personal certificate store.
To learn more about generating client and code signing certificates from your browser, see the following instructions:
Verified Mark Certificates (VMC): Three new approved trademark offices
We are happy to announce that DigiCert now recognizes three more intellectual property offices for verifying the logo for your VMC certificate. These new offices are in Korea, Brazil, and India.
New approved trademark offices:
Other approved trademark offices:
What is a Verified Mark Certificate?
Verified Mark Certificates (VMCs) are a new type of certificate that allows companies to place a certified brand logo next to the “sender” field in customer inboxes.
Bugfix: Code Signing (CS) certificate generation email sent only to CS verified contact
We fixed a bug in the Code Signing (CS) certificate issuance process where we were sending the certificate generation email to only the CS verified contact. This bug only happened when the requestor did not include a CSR with the code signing certificate request.
Now, for orders submitted without a CSR, we send the code signing certificate generation email to:
Note: DigiCert recommends submitting a CSR with your Code Signing certificate request. Currently, Internet Explorer is the only browser that supports keypair generation. See our knowledgebase article: Keygen support dropped with Firefox 69.
Firefox 69 推出後，Firefox 最終放棄 Keygen 的支援。在他們的瀏覽器中產生 Code Signing、Client 和 SMIME 憑證時，Firefox 使用他們的 Keygen 促進產生用於提交公用密鑰的密鑰材料。
註：Chrome 已放棄對產生密鑰的支援，而 Edge 和 Opera 從未支援。
在 DigiCert 發行您的 Code Signing、Client 和 SMIME 憑證後，我們傳送內有建立和安裝您的憑證的連結的電郵給您。
一發行 Firefox 69 時，您僅能使用兩款瀏覽器產生這些憑證：Internet Explorer 和 Safari。如果公司政策要求使用 Firefox，您可以使用 Firefox ESR 或可攜式 Firefox。
如需更多資訊，請參閱使用放棄對 Firefox 69 的 Keygen 支援。
我們更新了我們的 Extended Validation (延伸驗證，EV) Code Signing (代碼簽署，CS) 和 Document Signing (文件簽章，DS) 憑證重新發行程序，讓您可以重新發行這些憑證，毋須自動撤銷目前的憑證 (原始或之前重新發行的憑證)。
現在，下次您重新發行 EV CS 或 DS 憑證時，您可以保持啟用之前發行的憑證到其目前的有效期間為止 (或只要您需要)。