篩選依據: New x 清除
new

New location for API Keys and ACME Directory URLs

With more and more organizations working to automate SSL/TLS certificate deployment, we added a new left main menu optionAutomationand placed the two primary tools for automating certificate deployment under the new menu option: API Keys and ACME Directory URLs.

Previously, you accessed these features from the Account Access page. Now, we've conveniently added them to the left main menu (in the main menu, click Automation > API Keys and Automation > ACME Directory URLs).

Note: Only account administrators and managers can see the Automation menu options in their left main menu.

new

We added two new statuses to the Organizations and Organization details pages: validation expires soon, and validation expired. These new statuses make it easier to proactively track your organization validations and make sure they stay up to date.

Now, when you visit the Organizations page (in the sidebar menu click Certificates > Organizations), you can quickly identify organizations with validation that is expiring soon or has already expired. For more details about the expiring or expired organization validation, click the organization name.

fix

We fixed a bug where some accounts were unable to submit organizations for EV CS – Code Signing Organization Extended Validation. The affected accounts only contained EV Code Signing and Code Signing products.

As part of the fix, we split up the EV and EV CS verified contact options. Now, when submitting an organization for EV CS – Code Signing Organization Extended Validation, you can submit the organization's verified contact for EV CS order approvals only. Similarly, when submitting an organization for EV – Extended Organization Validation (EV), you can submit the organization's verified contact for EV SSL certificate order approvals only.

Note: For EV code signing certificate orders, organizations and the organization's verified contacts need to be pre-validated. For more information about organization pre-validation, see our Submit an organization for pre-validation instructions.

enhancement

In Discovery, we updated the Certificates page, adding a new action—Replace certificate—to the Actions dropdown. Now, from the Certificates page, you can replace any certificate with a DigiCert certificate regardless of issuing CA.

(In the sidebar menu, click Discovery > View Results. On the Certificates page, locate the Actions dropdown for the certificate you want to replace. Click Actions > Replace certificate.)

enhancement

In Discovery, we updated the Certificates by rating widget on the Discovery dashboard, making it easier to see the security ratings for your public SSL/TLS certificates (in the sidebar menu, click Discovery > Discovery Dashboard).

As part of the update, we renamed the widget: Certificates analyzed by security rating. Then, we split the chart on the widget into two charts: Public and Others. Now, you can use the Public | Others toggle switch on the widget to select the chart you want to see.

The Certificates analyzed by security rating - Public chart displays the ratings for your public SSL/TLS certificates only. The Certificates analyzed by security rating - Other chart displays the rating for all your other SSL/TLS certificates (e.g., private SSL certificates).

enhancement

In Discovery, we updated the Endpoints and Server details pages making it easier to see the correlation between the IP address and the hostname/FQDN scan it resulted from.

Now, when you configure a scan for a hostname/FQDN, and the scan's endpoint results return IP addresses, we include the hostname/FQDN from the scan with the IP address.

Update note: The hostname update is available in the latest sensor version – 3.7.10. After the sensors updates are completed, rerun scans to see the hostname/IP address correlation on your scan results.

new

In the DigiCert Services API, we added two new endpoints for ordering your Secure Site Pro certificates: Order Secure Site Pro SSL and Order Secure Site Pro EV SSL.

  • POST https://www.digicert.com/services/v2/order/certificate/ssl_securesite_pro
  • POST https://www.digicert.com/services/v2/order/certificate/ssl_ev_securesite_pro

Benefits included with each Secure Site Pro certificate

Each Secure Site Pro certificate includes – at no extra cost – first access to premium feature such as the Post Quantum Cryptographic (PQC) toolkit.

Other benefits include:

  • Priority validation
  • Priority support
  • Two premium site seals
  • Malware check
  • Industry-leading warranties – protection for you and your customer!

To learn more about our Secure Site Pro certificates, see DigiCert Secure Site Pro.

To activate Secure Site Pro certificates for your CertCentral account, contact your account manager or our support team.

new

我們已新增新的工具到我們的 CertCentral 組合中—探索—提供您的整個 SSL/TLS 憑證全貌的即時分析。

「探索」是針對快速尋找您的所有面向內部和公用的 SSL/TLS 憑證而設計,與發行的憑證授權單位 (CA) 無關,「探索」找出憑證設定和實行的問題,以及您的端點設定中與憑證相關的漏洞或問題。

註:「探索」使用感應器掃描您的網路。感應器是安裝在策略位置的小型軟體應用程式。每次掃描都連結一個感應器。

從您的 CertCentral 帳戶內部,集中設定和管理掃描。掃描結果顯示在 CertCentral 內部的直覺與互動式儀表板上。設定掃描執行一次,或在設定好的時程執行多次。

enhancement

我們已更新「CertCentral SAML 聯盟設定」,讓您可以不讓您的聯盟名稱出現在 SAML 單一登入 IdP 選擇SAML 憑證要求 IdP 選擇頁面上的 IdP 清單中。

現在,在「聯盟設定」頁面的「您的 IDP 的中繼資料」下,我們新增了納入聯盟名稱選項。如果您不想要您的聯盟名稱出現在 IdP 選擇頁面的 IdP 清單上,,請取消勾選新增我的同盟名稱到 IdP 的清單中

new

在 CertCentral 中可用的 Secure Site Pro TLS/SSL 憑證。使用 Secure Site Pro 依照網域向您收費,沒有基礎憑證費用。新增一個網域就收取一個的費用。需要九個網域時,就收取九個的費用。保護一份憑證上最多 250 個網域的安全。

我們提供兩種類型的 Secure Site Pro 憑證,一種適用於 OV 憑證,另一種適用於 EV 憑證。

  • Secure Site Pro SSL
    取得符合您的需求的 OV 憑證。對網域、一個萬用字元網域和所有其子網域提供加密和驗證,或使用主體別名 (SAN) 以一份憑證保護多個網域和萬用字元網域的安全。
  • Secure Site Pro EV SSL
    取得符合您的需求的延伸驗證憑證。提供加密或驗證以保護一個網域的安全,或使用主體別名 (SAN) 以一份憑證保護多個網站的安全 (完全合格的網域名稱)。

每份 Secure Site Pro 憑證具有的優點

每份 Secure Site Pro 憑證都包括 – 無額外費用 – 先存取將來的其他進階功能到 CertCentral (例如 CT 記錄監控和驗證管理)。

其他優點包括:

  • 優先驗證
  • 優先支援
  • 兩個進階網站圖章
  • 惡意軟體檢查
  • 領先業界的保證

若要啟用用於您的 CertCentral 帳戶的 Secure Site Pro 憑證,請聯絡您的帳戶管理員或我們的支援團隊

若要瞭解更多有關我們的 Secure Site Pro 憑證的資訊,請參閱 DigiCert Secure Site Pro

compliance

Public SSL 憑證不再保護有底線 ("_") 的網域名稱的安全。網域名稱中,所有有底線的之前發行的憑證必須在此日期前到期。

註:喜好的底線解決方法是將包含底線的主機名稱 (FQDN) 重新命名,並且取代憑證。但對於無法重新命名的情況,您可以使用私密憑證,而且在有些情況中,您可以使用保護整個網域的安全的萬用字元憑證

如需更多詳細資料,請參閱去除網域名稱中的底線

enhancement

我們增強了我們的 RapidSSL DV 憑證方案,讓您可以在這些單一網域憑證中,納入第二個非常特定的網域。

  • RapidSSL Standard DV
    現在根據預設值,在訂購 RapidSSL Standard DV 憑證時,您會得到憑證中兩個版本的一般名稱 —[your-domain].com 和 www.[your-domain].com。
    在輸入一般名稱後,確定勾選在憑證中納入 www.[your-domain].com 和[your-domain].com 方塊。
    之前,您必須分別訂購[your-domain].com 和 www.[your-domain].com 的憑證。
  • RapidSSL Wildcard DV
    現在根據預設值,在訂購 RapidSSL Wildcard DV 憑證時,您會得到憑證中的萬用字元網域和基礎網域 – *.[your-domain].com 和[your-domain].com。
    在輸入一般名稱後,確定勾選在憑證中納入 *.[your-domain].com 和[your-domain].com 方塊。
    之前,您必須分別訂購 *.[your-domain].com 和[your-domain].com 的憑證。

請參閱 CertCentral:DV 憑證註冊指南

enhancement

我們增強了 RapidSSL 憑證端點以納入 dns_names 參數,讓您可以在這些單一網域憑證中,納入第二個非常特定的網域。

  • RapidSSL Standard DV
    訂購 RapidSSL Standard DV 憑證時,您可在憑證中納入您的兩個版本的網域 — [your-domain].com 和 www.[your-domain].com。
    "common_name": "[your-domain].com",
    "dns_names":["www.[your-domain].com"],

    之前,您必須分別訂購[your-domain].com 和 www.[your-domain].com 的憑證。
  • RapidSSL Wildcard DV
    訂購 RapidSSL Wildcard DV 憑證時,您可在憑證中納入基礎網域 — *.[your-domain].com 和[your-domain].com)。
    "common_name": "*.your-domain.com",
    "dns_names":["[your-domain].com"],

    之前,您必須分別訂購 *.[your-domain].com 和[your-domain].com 的憑證。

關於 DigiCert Services API 文件,請參閱 CertCentral API

new

CertCentral 中提供可用的 Individual Document Signing 憑證:

  • Document Signing – Individual (500)
  • Document Signing – Individual (2000)

若要啟用使用於您的 CertCentral 帳戶的 Document Signing 憑證,請聯絡您的銷售代表。

之前,僅可以使用 Organization Document Signing (組織文件簽署) 憑證。

  • Document Signing – Organization (2000)
  • Document Signing – Organization (5000)

若要瞭解更多有關這些憑證的資訊,請參閱 Document Signing 憑證

new

RapidSSL 和 GeoTrust DV 憑證在 CertCentral 中可用:

  • RapidSSL Standard DV
  • RapidSSL Wildcard DV
  • GeoTrust Standard DV
  • GeoTrust Wildcard DV

文件

一月 12, 2018

new

DigiCert 進行其他公開可用的 CT 記錄 (Nessie)。Nessie 是新的、有高度使用彈性的高效能憑證透明度 (CT) 記錄。

此 CT 記錄由五個記錄所組成,根據憑證到期以增量為一年的速度分享。以下是 CT 記錄端點 URL 及其憑證到期範圍和憑證到期範圍。

更多詳細資料 »