篩選依據: Services API x 清除
new

若要讓規劃您的憑證相關工作變得更容易,我們預先排程我們的 2021 維護視窗。請參閱  DigiCert 2021 排程的維護 — 此頁面有最新的所有維護時程表資訊。

我們在全世界都有客戶,因此理解沒有對每個人的最佳時間。但在檢閱與客戶使用有關的資料後,我們選擇了會影響我們最少客戶量的時段。

關於我們的維護時程表

  • 除非另有說明,否則維護的時間安排在每個月的第一個周末。
  • 每個維護視窗都排程 2 個小時。
  • 雖然我們有保護您的服務的適當備援,但有些 DigiCert 服務仍可能無法使用。
  • 一完成維護時,即繼續所有一般操作。

如果您需要更多有關這些維護時段的資訊,請聯絡您的帳戶管理器或  DigiCert 支援團隊。若要取得即時更新,請訂閱 DigiCert 狀態頁面。

new

Upcoming Schedule Maintenance

On October 2, 2021, between 22:00 – 24:00 MDT (October 3, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.


CertCentral, CIS, SCEP, Direct Cert Portal, and DigiCert ONE maintenance

DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.


PKI Platform 8 maintenance and downtime:

DigiCert will perform scheduled maintenance on PKI Platform 8. During this time, the PKI Platform 8 and its corresponding APIs will be down for approximately 20 minutes.

We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC).

Then, for approximately 20 minutes:

  • You will be unable to sign in and use your PKI Platform 8 to perform in-console certificate lifecycle tasks.
  • You will be unable to use any of your PKI Platform 8 corresponding APIs or protocols (for example, SOAP, REST, SCEP, and EST) to perform certificate lifecycle operations.
  • You will be unable to:
    • Enroll certificates: new, renew, or reissues
    • Add domains and organizations
    • Submit validation requests
    • View reports, revoke certificates, and create profiles
    • Add users, view certificates, and download certificates
  • DigiCert will be unable to issue certificates for PKI Platform 8 and its corresponding API.
  • APIs will return a "cannot connect" error.
  • Certificate enrollments that receive "cannot connect" errors must be resubmitted after DigiCert restores services.

The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

Upcoming Schedule Maintenance

On September 11, 2021, between 22:00 – 24:00 MDT (September 12, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.


CertCentral, CIS, SCEP, Direct Cert Portal, and DigiCert ONE maintenance

DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.


PKI Platform 8 maintenance and downtime:

DigiCert will perform scheduled maintenance on PKI Platform 8. During this time, the PKI Platform 8 and its corresponding APIs will be down for approximately 60 minutes.

We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC).

Then, for approximately 60 minutes:

  • You will be unable to sign in and use your PKI Platform 8 to perform in-console certificate lifecycle tasks.
  • You will be unable to use any of your PKI Platform 8 corresponding APIs or protocols (for example, SOAP, REST, SCEP, and EST) to perform certificate lifecycle operations.
  • You will be unable to:
    • Enroll certificates: new, renew, or reissues
    • Add domains and organizations
    • Submit validation requests
    • View reports, revoke certificates, and create profiles
    • Add users, view certificates, and download certificates
  • DigiCert will be unable to issue certificates for PKI Platform 8 and its corresponding API.
  • APIs will return a "cannot connect" error.
  • Certificate enrollments that receive "cannot connect" errors must be resubmitted after DigiCert restores services.

The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete our maintenance.

enhancement

CertCentral Services API: Domain management enhancements

To make it easier to maintain active validation for domains in your account, we added new filters, response fields, and a new endpoint to our domain management APIs. With these updates, you can:

  • Find domains with OV and EV validation reuse periods that are expired or expiring soon.
  • Find domains affected by the September 27, 2021 policy change to shorten OV domain validation reuse periods.*

Enhanced APIs: List domains and List subaccount domains

We made the following enhancements to the List domains and List subaccount domains endpoints:

  • Added validation filter values
    On September 27, 2021*, existing OV domain validation reuse periods will shorten to 397 days from the date validation was completed. For some domains, the reduced validation period will have already expired, or will expire before the end of 2021.

    To help you find these domains so you can resubmit them for validation, we added a new value for the validation filter: shortened_by_industry_changes. We also added filter values to help you find domains with OV or EV domain validation periods that expire in different timeframes. The new validation filter values include:
    • shortened_by_industry_changes
    • ov_expired_in_last_7_days
    • ov_expiring_within_7_days
    • ov_expiring_within_30_days
    • ov_expiring_from_31_to_60_days
    • ov_expiring_from_61_to_90_days
    • ev_expired_in_last_7_days
    • ev_expiring_within_7_days
    • ev_expiring_within_30_days
    • ev_expiring_from_31_to_60_days
    • ev_expiring_from_61_to_90_days
  • Added fields to the dcv_expiration object
    You can now submit a request that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string filters[include_validation_reuse_status]=true.
  • Added dcv_method filter
    We added the option to filter domains by domain control validation (DCV) method. To use this filter, append the query string filters[dcv_method]={{value}} to the request URL. Possible values are email, dns-cname-token, dns-txt-token, http-token, and http-token-static.

Enhanced API: Domain info
You can now submit a request to the Domain info endpoint that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string include_validation_reuse_status=true.


New API: Expiring domains count

We added a new endpoint that returns the number of domains in your account with expired or expiring OV or EV domain validations. For more information, see Expiring domains count.

*On September 27, 2021, the expiration date for existing OV domain validations will shorten to 397 days from the date validation was completed. Learn more about this policy change: Domain validation changes in 2021.

new

CertCentral Services API: Get orders by alternative order ID

We created a new endpoint to make it easier to get certificate order details using alternative order IDs: Get orders by alternative order ID. This endpoint returns the order ID, certificate ID, and order status of certificate orders with the alternative_order_id you provide in the URL path.

new

Verified Mark Certificates available now.

Verified Mark Certificates (VMCs) are a new type of certificate that allow companies to place a certified brand logo next to the “sender” field in customer inboxes—visible before the message is opened—acting as confirmation of your domain’s DMARC status and your organization’s authenticated identity. Learn more about VMC certificates.

To disable or change availability of VMC in your account, visit the Product Settings page.

Note: If you do not see VMCs in your account, it may be because we are not offering the product to all account types yet. It is also possible that the product is available, but one of your CertCentral account’s administrators turned the product off in Product Settings.

new

CertCentral Services API: Verified Mark Certificate enhancements

To help you manage your Verified Mark Certificate (VMC) orders in your API integrations, we’ve made the following updates to the CertCentral Services API.

New endpoints:

Updated endpoints:

  • Order info
    We updated the Order info endpoint to return a vmc object with the trademark country code, registration number, and logo information for VMC orders.
  • Email certificate
    We updated the Email certificate endpoint to support emailing a copy of your issued VMC.

To learn more about managing VMC certificates from your API integrations, visit Verified Mark Certificate workflow.

new

Upcoming schedule maintenance

On July 10, 2021, between 22:00 – 24:00 MDT (July 11, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

During maintenance, for approximately 60 minutes, the services specified below under Service downtime will be down. Due to the scope of the maintenance, the services specified below under Service interruptions may experience brief interruptions during a 10-minute window.

Service downtime

From 22:00 – 23:00 MDT (04:00 – 05:00 UTC), while we perform database-related maintenance, the following services will be down for up to 60 minutes:

  • CertCentral / Services API
  • Direct Cert Portal / API
  • ACME
  • Discovery / API
  • ACME agent automation / API

API Note: Affected APIs will return “cannot connect” errors. Certificate-related API requests that return a “cannot connect” error message during this window will need to be placed again after services are restored.

Service interruptions

During a 10-minute window, while we perform infrastructure maintenance, the following DigiCert service may experience brief service interruptions:

  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • DigiCert ONE
  • Automation service
  • CT Log monitoring
  • Vulnerability assessment
  • PCI compliance scans

Services not affected

These services are not affected by the maintenance activities:

  • PKI Platform 8
  • PKI Platform 7
  • QuoVadis TrustLink

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as the maintenance is completed.

new

Upcoming scheduled maintenance

On June 5, 2021, between 22:00 – 24:00 MDT (June 6, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

enhancement

CertCentral Services API: Improved domains array in OV/EV order response

To make it easier to see how the Services API groups the domains on your OV/EV TLS certificate orders for validation, we added a new response parameter to the endpoints for submitting certificate order requests: domains[].dns_name.*

The dns_name parameter returns the common name or SAN of the domain on the order. To prove you control this domain, you must have an active validation for the domain associated with the domains[].name and domains[].id key/value pairs.

Example OV certificate order

JSON payload:

JSON payload

JSON response:

JSON response

The Services API returns the domains[].dns_name parameter in the JSON response for the following endpoints:

*Note: Only order requests for OV/EV TLS certificates return a domains array.

new

Upcoming scheduled maintenance

On May 1, 2021, between 22:00 – 24:00 MDT (May 2, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

For up to 10 minutes total during the 2-hour window, we will be unable to issue certificates for the DigiCert platforms, their corresponding APIs, immediate certificate issuance, and those using the APIs for other automated tasks.

Affected services:

  • CertCentral / Service API
  • ACME
  • ACME agent automation / API
  • Direct Cert Portal / API
  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • QuoVadis TrustLink

Services not affected

  • PKI Platform 8
  • PKI Platform 7
  • DigiCert ONE managers

API note:

  • APIs will return "cannot connect" errors.
  • Certificate requests submitted during this window that receive a "cannot connect" error message will need to be placed again after services are restored.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

enhancement

CertCentral Services API: Domain validation status in Domain info response

To make it easier to get a comprehensive validation status for your domains, DigiCert is deprecating the status parameter in the Domain info response. To ensure you are getting complete and accurate status information for each different validation type on your domains, you should use the validations array when you call the Domain info endpoint from your API integrations instead.

Note: The Domain info endpoint will continue to return a status parameter value.

Background

In the Domain info response, the status parameter is designed to return a single string value. When DigiCert offered fewer products, a single value in the API was enough to represent the validation status for your domains.

Now, DigiCert offers certificate products that use many different types of validation. Different validation types have different requirements, and these requirements change as industry standards evolve. As DigiCert validates your domains for different types of certificate issuance, each type of validation that you request can be in a different state.

For example:

  • The OV validation for a domain may be completed.
  • The EV validation for the same domain may be expired.

As a result, DigiCert can no longer use a single value to return comprehensive information about the validation status for a domain.

Instead of relying on a single value, use the Domain info endpoint to request a validations array – a list of objects with status information for each type of validation on the domain. To get this data, include the query parameter include_validation=true when you submit your request.

For example:

Example validations array in domain info response data

Learn more about using the Domain info endpoint

new

CertCentral Services API: Site seal enhancements

To help you manage your site seals in your API integrations, we’ve made the following updates to the CertCentral Services API:

  • New endpoint: Upload site seal logo
    We added a new endpoint – Upload site seal logo – you can use to upload your company logo for use with a DigiCert Smart Seal. This logo appears in the site seal on your website. Note: Only Secure Site and Secure Site Pro SSL/TLS certificates support the option to display your company logo in the site seal.
  • New endpoint: Update site seal settings
    We added a new endpoint – Update site seal settings – you can use to change the appearance of your site seal and the information that displays on the site seal information page.
  • Updated endpoint: Get site seal settings
    We updated the Site seal settings endpoint to return information about each property you can customize with the Update site seal settings endpoint.

Related topics:

enhancement

CertCentral Services API: Revoke certificate by serial number

To make it easier to manage certificates from your API integrations, we updated the Revoke certificate endpoint path to accept the certificate ID or the serial number of the certificate to revoke. Previously, the Revoke certificate endpoint path only accepted the certificate ID.

Example Revoke certificate path using the certificate ID:

https://www.digicert.com/services/v2/certificate/{{certificate_id}}/revoke

Example Revoke certificate path using the certificate serial number:

https://www.digicert.com/services/v2/certificate/{{serial_number}}/revoke

Learn more about using the Revoke certificate endpoint

new

Upcoming scheduled maintenance

On April 3, 2021, between 22:00 – 24:00 MDT (April 4, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

During maintenance, for up to 10 minutes, we will be unable to issue certificates for the DigiCert platforms, their corresponding APIs, immediate certificate issuance, and those using the APIs for other automated tasks.

Affected services

For approximately 10 minutes, DigiCert will be unable to issue certificates for these services and APIs:

  • CertCentral / Service API
  • ACME
  • ACME agent automation / API
  • Direct Cert Portal / API
  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • QuoVadis TrustLink

Services not affected

These services are not affected by the maintenance activities:

  • PKI Platform 8 / API
  • PKI Platform 8 SCEP
  • PKI Platform 7 / API
  • PKI Platform 7 SCEP
  • DigiCert ONE managers

API note:

  • APIs will return "cannot connect" errors.
  • Certificate requests submitted during this window that receive a "cannot connect" error message will need to be placed again after services are restored.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

CertCentral: New purchase order and invoice system

We are happy to announce that we are using a new purchase order and invoice system in CertCentral. We've made several changes to make it easier for you to manage your purchase orders and invoices.

The next time you sign in to CertCentral, you will see two new menu options under Finances: Pay Invoice and Purchase Orders and Invoices. Additionally, we now send all invoice emails from our new invoice system.

Pay invoices page

When you open the Pay invoice page, all invoices are preselected by default. You can choose to pay them all or select those you want to pay.

Note: If you use divisions with separate funds, when you open the Pay invoice page, all invoices for the top-level division are selected by default. Use the For dropdown to view the unpaid invoices by division in your account.

Purchase orders and invoices page

On the new Purchase orders and invoices page, you can create a purchase order (PO). In the Purchaseorders table, you can view pending and rejected POs. After we approve a PO, it becomes an invoice and moves to the Invoices table.

Note: If you use divisions with separate funds, you see the Purchase order and invoice summary page. When you click a division name, it opens the Purchase order and invoices page, where you can view the POs and invoices for that division.

In the Invoices column of the Invoices table, you can see the invoice number and the PO from which we generated it. You can download a copy of the invoice or pay the invoice. When you click Pay invoice, we take you to the Pay invoice page to pay the invoice and make the funds available in your account.

Existing PO and Invoice migration

  • Autogenerated invoices
    When we migrated our billing system, we did not migrate your autogenerated invoices. At the end of March, we will autogenerate a new invoice for your total amount owed. However, you can make a payment on your account at any time on the Deposit Funds page (in the left main menu, go to Finances > Deposit Funds).
  • Invoices generated from approved purchase orders
    When we migrated your invoices to the new system, we gave them new invoice numbers. However, the associated purchase order number remains the same. If you have questions or trouble finding an invoice, please contact your account manager or DigiCert Accounts Receivable. Make sure to include your PO number and the original invoice number in the email.
enhancement

CertCentral Services API: View balance enhancements

To help you track financial data in your API integrations, we updated the View balance endpoint to return the following data:

  • unpaid_invoice_balance
    Unpaid invoice balance
  • negative_balance_limit
    Amount the balance can go into the negative
  • used_credit_from_other_containers
    Amount owed by other divisions in the account (for accounts with separate division funds enabled)
  • total_available_funds
    Total funds available for future purchases

Example response: 

Example response from the View balance endpoint

For more information, see the documentation for the View balance endpoint.

enhancement

CertCentral Services API: Auto-reissue support for Multi-year Plans

We are happy to announce that the CertCentral Services API now supports automatic certificate reissue requests (auto-reissue) for Multi-year Plans. The auto-reissue feature makes it easier to maintain SSL/TLS coverage on your Multi-year Plans.

You can enable auto-reissue for individual orders in your CertCentral account. When auto-reissue is enabled, we automatically create and submit a certificate reissue request 30 days before the most recently issued certificate on the order expires.

Enable auto-reissue for a new order

To give you control over the auto-reissue setting for new Multi-year Plans, we added a new request parameter to the endpoints for ordering DV, OV, and EV TLS/SSL certificates: auto_reissue.

By default, auto-reissue is disabled for all orders. To enable auto-reissue when you request a new Multi-year Plan, set the value of the auto_reissue parameter to 1 in the body of your request.

Example request body:

Example order request body with auto reissue enabled

Note: In new order requests, we ignore the auto_reissue parameter if:

  • The product does not support Multi-year Plans.
  • Multi-year Plans are disabled for the account.

Update auto-reissue setting for existing orders

To give you control over the auto-reissue setting for existing Multi-year Plans, we added a new endpoint: Update auto-reissue settings. Use this endpoint to enable or disable the auto-reissue setting for an order.

Get auto-reissue setting for an existing order

To help you track the auto-reissue setting for existing certificate orders, we added a new response parameter to the Order info endpoint: auto_reissue. The auto_reissue parameter returns the current auto-reissue setting for the order.

new

ICA certificate chain selection for public DV flex certificates

We are happy to announce that select public DV certificates now support Intermediate CA certificate chain selection:

  • GeoTrust DV SSL
  • Thawte SSL 123 DV
  • RapidSSL Standard DV
  • RapidSSL Wildcard DV
  • Encryption Everywhere DV

You can add a feature to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues the end-entity certificate when you order these public DV products.

This feature allows you to:

  • Set the default ICA certificate chain for each supported public DV certificate.
  • Control which ICA certificate chains certificate requestors can use to issue their DV certificate.

Configure ICA certificate chain selection

To enable ICA selection for your account:

  1. Contact your account manager or our Support team.
  2. Then, in your CertCentral account, in the left main menu, go to Settings > Product Settings.
  3. On the Product Settings page, configure the default and allowed intermediates for each supported and available DV certificate.

For more information and step-by-step instructions, see the Configure the ICA certificate chain feature for your public TLS certificates.

new

DigiCert Services API: DV certificate support for ICA certificate chain selection

In the DigiCert Services API, we made the following updates to support ICA selection in your DV certificate order requests:

Pass in the issuing ICA certificate's ID as the value for the ca_cert_id parameter in your order request's body.

Example DV certificate request:

Example DV TLS certificate request

For more information about using ICA selection in your API integrations, see DV certificate lifecycle – Optional ICA selection.

new

Upcoming scheduled maintenance

On March 6, 2021, between 22:00 – 24:00 MST (March 7, 2021, between 05:00 – 07:00 UTC), DigiCert will perform scheduled maintenance.

Although we have redundancies in place to protect your service, some DigiCert services may be unavailable during this time.

What can you do?

Please plan accordingly.

  • Schedule your high-priority orders, renewals, and reissues around the maintenance window.
  • To get live maintenance updates, subscribe to the DigiCert Status page. The subscription includes emails to let you know when maintenance starts and ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as the maintenance is completed.

new

CertCentral Services API:新的子帳戶端點

為了讓管理您的子帳戶變得更加容易,我們新增了兩個新端點到 CertCentral Services API 中:列出子帳戶網域列出子帳戶組織

enhancement

CertCentral Services API:改進的建立子帳戶端點

為了提供您更多您的子帳戶的控制權,我們新增了兩個新的要求參數到建立子帳戶端點中:child_namemax_allowed_multi_year_plan_length

  • child_name – 使用此參數設定子帳戶的自訂顯示名稱。
  • max_allowed_multi_year_plan_length – 使用此參數自訂子帳戶的多年套餐訂單的最大時間長度。

JSON 要求範例:

Create subaccount example request

建立子帳戶後,使用子帳戶資訊端點檢視子帳戶的"顯示"名稱和允許的多年套餐訂單時間長度。

new

即將到來的排程維護

2021 年 2 月 6 日 22:00 到 24:00 MST (2021 年 2 月 7 日 05:00 到 07:00 UTC),DigiCert 將執行重大維護。

在維護期間,以下所列服務將關閉約 60 分鐘。由於正在執行的工作範圍的緣故,在兩個小時的維護時段內可能會有其他服務中斷。

您將無法登入這些平台和存取這些服務與 API:

  • CertCentral / Service API
  • Direct Cert Portal / Direct Cert Portal API
  • 憑證發行服務 (CIS)
  • 單一憑證註冊通訊協議 (SCEP)
  • Discovery/API
  • ACME
  • ACME 代理程式自動化/API

DigiCert 將無法發行用於這些服務和 API 的憑證:

  • CertCentral / Services API
  • Direct Cert Portal / Direct Cert Portal API
  • 憑證發行服務 (CIS)
  • 單一憑證註冊通訊協議 (SCEP)
  • 完整網站安全性(CWS)/API
  • Managed PKI for SSL (MSSL)/API
  • QV Trust 連結

這些服務不受維護活動的影響:

  • PKI Platform 8
  • PKI Platform 7
  • DigiCert ONE 管理員

API 備註:

  • 處理憑證相關交易的服務將無法使用,例如要求憑證、新增網域和驗證要求等。
  • API 將傳回“無法連線”錯誤。
  • 在此收到"無法連線"錯誤訊息的時段所做的憑證要求在服務還原後需要重新進行。

我可以做什麼?

訂出相應計畫:

  • 安排與維護時段有關的高優先順序訂單、續訂和重新發行的時間。
  • 預期在您使用 API 進行立刻發行憑證和自動化工作時中斷。
  • 若要取得即時更新,請訂閱  DigiCert 狀態 頁面。
  • 請參閱  DigiCert 2021 排程的維護或排程的維護日期和時間。

服務將在維護完成時盡快還原。

new

CertCentral Services API:新單位訂單詳細資料和取消單位訂單端點

我們很榮幸宣佈我們新增了兩個新端點到 CertCentral Services API 中:單位訂單詳細資料取消單位訂單

這些端點允許您取得與單位訂單有關的資訊和取消單位訂單。

取消單位訂單:

  • 您只可以在下訂單後的三十天內取消訂單。
  • 如果訂單上的子帳戶已花費任何單位,您就無法取消單位訂單。

如果您管理使用單位作為付款方法的子帳戶,您現在可以使用 Services API 執行以下的工作:

enhancement

CertCentral Services API:改進的產品清單、產品限制和產品資訊端點

為了讓在您的帳戶中尋找數位憑證產品的可用訂單有效期間變得更容易,我們新增了新的回應參數到「產品清單」、「產品限制」和「產品資訊」端點中。

這些新回應參數允許您檢視您帳戶中每個產品的預設和自訂的訂單有效期。

產品清單端點

allowed_order_validity_years 參數傳回您帳戶中每個產品的支援的訂單有效期間的清單。

產品限制端點

allowed_order_lifetimes 參數傳回您的帳戶中有不同分部和使用者角色任何的使用者的自訂訂單有效期限制的淸單。

產品資訊端點

  • allowed_order_validity_years 參數在您要求憑證產品時,傳回可用的訂單有效期間的清單。
  • custom_order_expiration_date_allowed 參數在您要求憑證產品時,傳回說明您是否可以設定自訂訂單到期日的布林值。
enhancement

CertCentral Services API:改進的子帳戶訂單資訊端點

為了讓尋找子帳戶訂單的有效期間相關資訊變得更容易,我們加入了新的反應參數到子帳戶訂單資訊端點中。這些新回應參數允許您查看訂單開始日期、訂單結束日期和訂單是否為多年套餐。

  • 如果訂單是多年套餐,is_multi_year_plan 參數會傳回 "1"
  • order_valid_from 參數傳回訂單有效期間的開始日期。
  • order_valid_till 參數傳回訂單有效期間的結束日期。

有新參數的範例回應

Subaccount order updates

new

即將到來的排程維護

2020 年 1 月 9 日 22:00 到 24:00 MST (2021 年 1 月 10 日 05:00 到 07:00 UTC),DigiCert 將執行排程的維護。

雖然我們有保護您的服務的適當備援,但有些 DigiCert 服務在這段時間內仍可能無法使用。

您可以做什麼?
請訂出相應計畫。

  • 安排維護時段外的高優先順序訂單、續訂、重新發行和複本發行的時間。
  • 若要取得即時更新,請訂閱 DigiCert 狀態頁面。
  • 關於排程的維護日期和時間,請參閱 DigiCert 2021 排程的維護

服務將在維護完成時盡快還原。

new

CertCentral Services API:更新續訂通知設定

我們新增了新端點到 CertCentral Services API 合約中:更新續訂通知設定使用此端點啟用或停用憑證訂單的續訂通知。 

如需更多資訊,請造訪 Services API 文件中用於此端點的參考主題:

enhancement

自訂您的 DigiCert 多年套餐的生命周期

我們很榮幸宣佈現在您可以在 CertCentral 中要求 TLS 憑證時,設定您的多年套餐 (MyP) 的自訂生命周期。在 TLS 憑證申請表上,使用新的自訂訂單有效期選項,自訂您的 TLF 憑證訂單的時間長度。

註:依業界最佳作法,最大的 TLS 憑證有效期是 397 天。請參閱結束 2 年期公用 SSL/TLS 憑證

您可以根據天數或到期日來設定自訂的多年套餐訂單時間長度。最大訂單時間長度是 2190 天 (6 年)。最小訂單時間長度是 7 天。

註:自訂訂單在我們發行訂單的憑證那天開始。訂單價格依比例分配以符合所選擇的憑證和您的自訂訂單時間長度

若要自訂您的 MyP 涵蓋時間長度

  1. 在「要求憑證」表格上,按一下選擇涵蓋時間長度
  2. 在「您需要保護您的網站多長的時間」彈出視窗中,選擇自訂訂單有效期
  3. 在「選擇您的客戶訂單時間長度」下,設定您的多年套餐的使用壽命。
    1. 自訂訂單時間長度
      指定您的套餐的時間長度 (天數)。
    2. 自訂訂單到期日
      選擇您要您的訂單到期的日期。
  4. 按一下儲存
enhancement

更新的使用於公用 TLS 憑證的產品設定

為了提供更多您的憑證訂購程序的控制權,我們更新了使用於公用 TLS 憑證的產品設定:現在您可以決定在訂購公用 TLS 憑證時,使用者可以選擇的允許的多年套餐訂單時間長度。

在 TLS 憑證的產品設定頁面上,使用允許的有效期間選項,決定出現在 TLS 憑證申請表上的多年套餐訂單時間長度:1 年、2 年、3 年、4 年、5 年和 6 年。請注意,對產品做的變更套用到透過 CertCentral 和 Services API 做的要求中。

註:之前,允許的有效期間選項用於在訂購公用 TLS 憑證時,決定使用者可選擇的最長憑證使用壽命。但隨著業界轉移到 1 年憑證後,憑證時間長度再也不需要此選項。請參閱結束 2 年期公用 SSL/TLS 憑證

設定用於 TLS 憑證的允許的多年套餐訂單時間長度

  1. 在左側的主功能表中,前往設定 > 產品設定
  2. 在「產品設定」頁面上,選擇公用 TLS 憑證。例如,選擇 Secure Site OV
  3. 在「Secure Site OV」下的允許的有效期間下拉清單中,選擇有效期間。
  4. 按一下儲存設定

下次使用者訂購 Secure Site OV 憑證時,他們將只看到您在申請表上選擇的有效期間長度。

註:設定多年套餐訂單時間長度的限制會從您的 TLS 憑證申請表中移除自訂有效期選項。

enhancement

CertCentral 網域頁面:改進的 domains.csv 報告

在「網域」頁面上,我們改進了 CSV 報告,讓追蹤 OV 和 EV 網域驗證到期日和檢視之前使用的網域控制驗證 (DCV) 方法變得更加容易。

下次您下載 CSV 檔案時,您將看到報告中的三個新欄:

  • OV 到期
  • EV 到期
  • DCV 方法

若要下載 domains.csv 報告

  1. 在左側的主功能表中,前往憑證 > 網域
  2. 在「網域」頁面的下載 CSV 下拉清單中,選擇下載所有記錄

當您開啟 domains.csv 時,您應該會看到您報告中的新欄和新資訊。

enhancement

CertCentral 訂單頁面:改進的載入時間

在 CertCentral,我們更新了「訂單」頁面以改進管理大量憑證訂單的載入時間。下次您造訪「訂單」頁面時,頁面的開啟會更快速 (在左側的主功能表中,前往憑證 > 訂單)。

為了改進載入時間,我們變更了在初始頁面檢視時篩選您的憑證訂單的方式。之前,我們將頁面篩選為只顯示啟用的憑證訂單。但這會在大容量的憑證訂單造成問題。您的帳戶有越多訂單,「訂單」頁面開啟所花費的時間越長。

現在,當您造訪頁面時,我們以降冪順序傳回您所有未經篩選的憑證,與清單中最先出現的最近建立的憑證訂單。如果只要查看您的啟用的憑證,請在狀態下拉清單中,選擇啟用,然後按前往

new

CertCentral Services API:購買用於子帳戶的單位和檢視單位訂單

在 CertCentral Services API,我們新增了用於購買單位和檢視單位訂單的新端點。現在,如果您管理使用單位作為憑證要求的付款方法的子帳戶,您可以使用 Services API 購買更多用於子帳戶的單位,以及取得與您的單位訂單歷史記錄有關的資訊。

如需更多資訊,請參閱新端點的參考文件:

enhancement

CertCentral Services API:文件更新

我們很榮幸宣佈以下用於 CertCentral Services API 的文件更新:

  • 新票券價格預估 API
    我們發佈了用於票券價格預估端點的新參考主題。使用票券的客戶可以使用此端點預估特定票券組態的訂單成本 (包含稅金)。
  • 更新的 API 詞彙
    我們使用新表格更新詞彙,定義不同的組織驗證狀態值。請參閱詞彙 – 組織驗證狀態
  • 新增要求參數到更新帳戶電郵文件中
    我們新增了emergency_emails要求參數到用於更新帳戶電郵端點的文件中。使用此端點更新接收 DigiCert 緊急通知的電郵地址。

範例 更新帳戶電郵要求本文:

emergency_emails.png
  • 新增回應參數到產品資訊文件中
    我們新增了 validation_type, allowed_ca_certs, 和 default_intermediate 回應參數到用於產品資訊端點的文件中。
    • 使用 validation_type 參數取得指定產品的驗證類型。
    • 使用 allowed_ca_certs 參數取得與您訂購指定產品時可以選擇的 ICA 憑證有關的資訊。*
    • 使用 default_intermediate 參數取得指定產品的預設 ICA 的 ID。*

範例 產品資訊回應資料

Product info response.png

* 註:產品資訊端點僅傳回支援 ICA 選擇的產品的 allowed_ca_certsdefault_intermediates 參數。對於支援 ICA 選擇的公用 SSL 憑證 (OV 和 EV 彈性憑證),僅在針對帳戶啟用 ICA 選擇時傳回這些參數。此外,如果系統管理員已自訂帳戶中的分部或使用者角色的產品設定,則僅傳回 default_intermediates 參數。如需更多資訊,請參閱 適用於公用 OV 和 EV 彈性憑證的 ICA 憑證鏈選項

enhancement

CertCentral Services API:新增用於新網域的 DCV 令牌到用於 OV 和 EV 憑證訂單的回應資料中

我們已更新訂購公用 OV 和 EV SSL 憑證的端點,以傳回訂單上的新網域的網域控制驗證 (DCV) 要求令牌。

現在,當您要求 OV 或 EV 憑噔時,您不再需要發行單獨的要求以取得用於訂單上的新網域的 DCV 要求令牌。相反的,您可以直接從回應資料中取得用於訂單要求的令牌。

範例回應資料:

Example response for an OV order with a new domain

註:dcv_token 物件未針對將在訂單的其他網域範圍下驗證的網域、已存在您的帳戶中的網域或現有網域的子網域傳回。

此更新適用於以下的端點:

new

適用於公用 OV 和 EV 彈性憑證的 ICA 憑證鏈選擇

我們很榮幸宣佈,有彈性功能的公用 OV 和 EV 憑證現在支援中介 CA 憑證鏈選擇。

您可以新增選項到您的 CertCentral 帳戶中,讓您可以控制由哪一個 DigiCert ICA 憑證發行您的公用 OV 和 EV "彈性"憑證。

此選項允許您:

  • 設定每份公用 OV 和 EV 彈性憑證的預設 ICA 憑證鏈。
  • 控制憑證要求者可使用哪一個 ICA 憑證鏈發行他們的彈性憑證。

設定 ICA 憑證鏈選擇

若要關閉您的帳戶的 ICA 選擇,請聯絡您的帳戶管理器或我們的支援團隊。然後在您的 CertCentral 帳戶的「產品設定」頁面上 (在左側的主功能表中,前往設定 > 產品設定),設定每個類型的 OV 和 EV 彈性憑證的預設和允許的中介憑證。

如需更多資訊和逐步說明,請參閱適用於公用 OV 和 EV 彈性憑證的 ICA 憑證鏈選項

new

DigiCert Services API 支援 ICA 憑證鏈選擇

在 DigiCert Services API 中,我們做了以下的更新以支援您的 API 整合中的 ICA 選擇:

  • 建立新的 產品限制端點
    使用此端點取得針對您的帳戶中的每個分部啟用的產品的限制和設定有關的資訊。這包括用於每個產品的預設和允許的 ICA 憑證鏈的 ID 值。
  • 新增的對公用 TLS OV 和 EV 彈性憑證訂單要求的 ICA 選擇支援
    在您設定產品的允許中介憑證後,您可以選擇在您使用 API 提交訂單要求時,應發行您的憑證的 ICA 憑證鏈。
    在您的訂單要求的本文中,傳遞發行 ICA 憑證的值的 ID 作為 ca_cert_id 參數的值。

彈性憑證要求範例:

Example flex certificate request

如需更多有關在您的 API 整合中使用 ICA 選擇的資訊,請參閱 OV/EV 憑證生命週期 – (選用) ICA 選擇

enhancement

DigiCert® 多年套餐可用於所有 DigiCert 公用 SSL/TLS 憑證

我們很榮幸宣佈現在 CertCentral 的所有公用 SSL/TLS 憑證中可使用多年套餐。這些套餐允許您支付一次費用即可得到最長六年的 SSL/TLS 憑證涵蓋時間。

企業授權協議 (ELA) 合約僅支援 1 年期和 2 年期的多年套餐。均一費率合約不支援多年套餐。如果您有均一費率合約,請聯絡您的帳戶管理器尋找可配合您的合約的解決方案。

使用多年套餐後,您可以選擇 SSL/TLS 憑證、您想要涵蓋的時間長度 (最長六年) 和憑證有效性。訂單到期前,每次重新發行憑證時都無需其他費用,直到有效期間結束為止。如需更多資訊,請參閱多年套餐

enhancement

DigiCert Services API 變更支援多年套餐

在我們的 Services API 中,我們更新了我們的公用 SSL/TLS 憑證端點,以支援訂購有多年套餐的憑證。

對於訂購公用 SSL/TLS 憑證的每個端點,我們新增了新的選用的*要求參數。此外,我們已更新這些端點,因此您的訂單的有效期間不再必須配合您的憑證的有效期間。

  • 新的選用的 cert_validity 參數
    使用此參數定義針對訂單發行的第一份憑證的有效期間。如果從您的要求省略 cert_validity 參數,您的憑證有效期預設為 DigiCert 和業界標準允許的最長有效期或訂單的有效期間,以較快到的為準。
  • 新的選用的 order_validity 參數*
    使用此參數定義訂單的有效期間。訂單有效期決定多年套餐的長度。
  • 更新的最上層 validity_years, validity_days, custom_expiration_date 參數*
    對於現有的 API 整合,您仍可以使用這些現有的參數定義訂單的有效期間。但我們建立更新您的整合以改用新參數。請記住,使用多年套餐後,您的訂單的有效期間可能和您的憑證的不同。

*註:要求必須包括適用於 order_validity 物件或其中一個最上層訂單有效期參數的值: validity_years, validity_days, 或 custom_expiration_date。您在 order_validity 物件中提供的值會覆寫最上層有效期參數。

這些變更應該不會影響您目前的整合。但為了最大化您的的 SSL/TLS 涵蓋範圍,您可能想要開始購買您的公用 SSL/TLS 憑證和多年套餐。關於 API 整合,請參閱訂購多年套餐

有新參數的憑證要求範例

Example SSL certificate request with new certificate and order valdity parameters

new

現在推出多年套餐

我們很榮幸宣佈現在 CertCentral 和 CertCentral Partners 可使用多年套餐。

DigiCert® 多年套餐允許您支付一次費用即可得到最長六年的 SSL/TLS 憑證涵蓋時間。使用多年套餐後,您可以選擇 SSL/TLS 憑證、您想要涵蓋的時間長度 (最長六年) 和憑證有效性。訂單到期前,每次重新發行憑證時都無需其他費用,直到有效期間結束為止。

2020 年 9 月 1 日,SSL/TLS 憑證有效期將從 825 天變成 397 天。多年套餐的啟用的憑證即將到期時,重新發行憑證以保持您的 SSL/TLS 涵蓋時間。

compliance

瀏覽器結束支援 TLS 1.0 和 1.1

四款主流瀏覽器不再支援 Transport Layer Security (運輸層安全性,TLS) 1.0 和 1.1。

您需要知道的事項

此變更不會影響您的 DigiCert 憑證。您的憑證一如以往持續運作。

此變更影響依賴瀏覽器的服務和依賴 TLS 1.0 或 1.1 的應用程式。瀏覽器的 TLS 1.0 或 1.1 支援一結束時,任何過期的系統將無法進行 HTTPS 連線。

您需要做的事項

SSL/TLS如果您受到此變更影響,而且您的系統支援更新版本的 TLS 通訊協議,請盡快將您的伺服器組態升級至 TLS 1.2 或 TLS 1.3。

如果您未升級至 TLS 1.2 或 1.3,您的網頁伺服器、系統或代理程式將無法使用 HTTPS 與憑證安全的通訊。

瀏覽器 TLS 1.0/1.1 取代資訊

Firefox 78,2020 年 6 月 30 日發佈

Safafi 13.1,2020 年 3 月 24 日發佈

Chrome 84,2020 年 7 月 21 日發佈

Edge v84,2020 年 7 月 16 日發佈

實用資源

由於有如此多的唯一系統依賴 TLS,因此我們無法涵蓋所有升級路徑,但在此有些可能有幫助的參考:

enhancement

CertCentral Services API:更新錯誤訊息文件

在 Services API 文件中,我們已更新了錯誤 頁面,納入錯誤訊息相關說明:

  • 立刻發行 DV 憑證
  • 網域控制驗證 (DCV)
  • 憑證授權機關授權 (CAA) 資源記錄檢查

今年稍早時,我們改進了 DV 憑證訂單和 DCV 要求的 API,在 DCV、檔案授權、DNS 查詢或 CAA 資訊記錄檢查失敗時,提供更詳細的錯誤訊息。現在,當您收到這些錯誤訊息之一時,請查看「錯誤」頁面以取得更多疑難排解資訊。

如需更多資訊