new

Discovery: Account setting for discovered certificate renewal notifications

In Discovery, we added a new account setting, Turn on discovered certificate renewal notifications, enabling you to receive renewal notifications for your expiring "discovered" SSL/TLS certificates. These renewal notifications include the option to renew your SSL/TLS certificate with us. When renewing a "discovered" SSL/TLS certificate in CertCentral, we'll replace it with an equivalent DigiCert certificate.

By default, renewal notices for discovered certificates are turned off for a CertCentral account*. To start receiving renewal notices for your expiring discovered certificates, go to Settings > Preferences. In the Certificate Renewal Settings section, check Turn on discovered certificate renewal notifications.

*Note: With the rollout of this new setting, you may need to turn Discovery renewal notifications back on for your account.

To learn more, see Discovery renewal notices.

December 10, 2019

new

Discovery Cloud-scan service

We've added a new feature to Discovery—Cloud-scan service—that uses a cloud-based sensor to find your public facing SSL/TLS certificates regardless of issuing Certificate Authority (CA).

Discovery Cloud-scan is a free cloud service so there is nothing to install or manage. You can start scanning immediately to find your public SSL/TLS certificates. There is no limit to the number of cloud-based scans you can run.

Cloud-scan runs every 24 hours and uses the most recently saved scan configuration. Cloud-scan provides detailed information about the certificates found and the endpoints where those certificates are installed.

Note: This is the open beta for the Cloud-scan service.

To get started, in the left main menu, go to Discovery > Manage Discovery. On the Manage scans page, click Single cloud scan. To learn more, see Discovery Cloud-scan service.

November 21, 2019

new

Discovery: Renewal notifications for non-DigiCert SSL/TLS certificates

In Discovery, we added renewal notifications for non-DigiCert certificates, making it easier to manage all your SSL/TLS certificates in one place—CertCentral. Now, when Discovery finds non-DigiCert certificates, we'll send renewal notifications for these certificates regardless of issuing Certificate Authority (CA).

Note: When renewing a non-DigiCert SSL/TLS certificate in CertCentral, we'll replace it with the equivalent DigiCert certificate. For example, we'll replace a non-DigiCert single-domain SSL certificate with a DigiCert single-domain SSL certificate.

Who receives these renewal notifications?

By default, Discovery sends renewal notifications for non-DigiCert SSL/TLS certificates to the primary CertCentral administrator—the individual who created the account and receives all account notifications.

We also send renewal notifications to any additional email addresses assigned to receive account notifications. See Set up account email notifications and Certificate renewal notifications.

When are these renewal notifications sent?

Discovery uses your CertCentral renewal notification settings to determine when to send renewal notifications for non-DigiCert certificates. By default CertCentral sends renewal notifications 90, 60, 30, 7, and 3 days before a certificate expires and 7 days after a certificate expires.

To customize your renewal notifications schedule, see Certificate renewal notifications.

new

Discovery: Customize non-DigiCert SSL/TLS certificate renewal notification process

In Discovery, on the Certificates page, we added three new certificate renewal actions to the Actions column dropdown for non-DigiCert certificates: Disable renewal notices, Enable renewal notices, and Renewal notifications. Renewal notifications allows you to add email addresses to receive renewal notifications for a certificate.

On the Certificates page, you can now update your non-DigiCert certificate renewal process to fit your certificate needs. (In the left main menu, go to Discovery > View Results.)

Note: By default, Discovery sends renewal notifications for all discovered non-DigiCert SSL/TLS certificates.

To customize renewal notifications for non-DigiCert SSL/TLS certificates, see Discovery renewal notices.

November 8, 2019

new

We are happy to announce a new addition to the DigiCert Developers portal—Discovery API. We just published our first set of Discovery API endpoints. More will follow as we continue to build out the Discovery API documentation.

Why use it?

  • Access Discovery features without signing into your CertCentral account.
  • Customize the Discovery experience to meet the needs of your organization.
  • Integrate with your existing tools.

Sample of endpoints you can start using now:

Tips and Tricks

  • Discovery API uses this base URL: https://daas.digicert.com/apicontroller/v1/
  • Discovery API requires admin or manager level permissions.

new

In Discovery, we added a new feature—Add root and intermediate CAs—that lets you upload public and private root and intermediate CAs. Use this feature to get more accurate security ratings for certificates chained to them.

If Discovery is unable to locate the root and intermediate CAs for a certificate, it downgrades the certificate's security rating. By uploading a copy of the certificate's intermediate and root CAs, the next time Discovery runs a scan that includes that certificate, you'll get a more accurate rating.

Note: Supported certificate formats: .der and .cer

In CertCentral, in the left main menu, click Discovery > Manage Discovery. On the Manage scans page, in the More actions dropdown, click Manage root and intermediate CAs. See Add public and private root and intermediate CAs in our Discovery user guide.

new

In Discovery, we added a new Blacklist feature that lets you exclude specific IP addresses and FQDNs from your scan results. For example, you may want to blacklist a domain in your CDN network.

Note: When you blacklist an IP address or FQDN, its information is excluded from all future account Discovery scans. This feature does not remove information from existing scan results.

In CertCentral, in the left main menu, click Discovery > Manage Discovery. On the Manage scans page, in the More actions dropdown, click Manage blacklist. See Blacklist IP addresses and FQDNs in our Discovery user guide.

enhancement

In Discovery, we updated the Certificates page, adding a new action—Replace certificate—to the Actions dropdown. Now, from the Certificates page, you can replace any certificate with a DigiCert certificate regardless of issuing CA.

(In the sidebar menu, click Discovery > View Results. On the Certificates page, locate the Actions dropdown for the certificate you want to replace. Click Actions > Replace certificate.)

enhancement

In Discovery, we updated the Certificates by rating widget on the Discovery dashboard, making it easier to see the security ratings for your public SSL/TLS certificates (in the sidebar menu, click Discovery > Discovery Dashboard).

As part of the update, we renamed the widget: Certificates analyzed by security rating. Then, we split the chart on the widget into two charts: Public and Others. Now, you can use the Public | Others toggle switch on the widget to select the chart you want to see.

The Certificates analyzed by security rating - Public chart displays the ratings for your public SSL/TLS certificates only. The Certificates analyzed by security rating - Other chart displays the rating for all your other SSL/TLS certificates (e.g., private SSL certificates).

enhancement

In Discovery, we updated the Endpoints and Server details pages making it easier to see the correlation between the IP address and the hostname/FQDN scan it resulted from.

Now, when you configure a scan for a hostname/FQDN, and the scan's endpoint results return IP addresses, we include the hostname/FQDN from the scan with the IP address.

Update note: The hostname update is available in the latest sensor version – 3.7.10. After the sensor updates are completed, rerun scans to see the hostname/IP address correlation on your scan results.

new

In the DigiCert Services API, we added two new endpoints for ordering your Secure Site Pro certificates: Order Secure Site Pro SSL and Order Secure Site Pro EV SSL.

  • POST https://www.digicert.com/services/v2/order/certificate/ssl_securesite_pro
  • POST https://www.digicert.com/services/v2/order/certificate/ssl_ev_securesite_pro

Benefits included with each Secure Site Pro certificate

Each Secure Site Pro certificate includes – at no extra cost – first access to premium features such as the Post Quantum Cryptographic (PQC) toolkit.

Other benefits include:

  • Priority validation
  • Priority support
  • Two premium site seals
  • Malware check
  • Industry-leading warranties – protection for you and your customer!

To learn more about our Secure Site Pro certificates, see DigiCert Secure Site Pro.

To activate Secure Site Pro certificates for your CertCentral account, contact your account manager or our support team.

new

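In Discovery, we added a Scan for configured cipher suites option to the scan settings that lets you see the cipher suites enabled on a server. When adding or editing a scan, this option is located in the Settings section when you select Choose what to scan. See Set up and run a scan and Edit a scan.

Once your scan is complete, the cipher suite information is listed on the Server details page, in the Server details section. (In the sidebar menu, click Discovery > View Results. On the Certificates page, click View endpoints. On the Endpoints page, click the endpoint's IP address / FQDN link. Then, on the Server details page, in the Server details section, click the Ciphers View link.)

Update note: The new Scan for configured cipher suites option is available in the latest sensor version – 3.7.7. After the sensor updates are completed, edit the scan Settings, select Choose what to scan, check Scan for configured cipher suites, and then rerun the scan.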

enhancement

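In Discovery, we updated the rating system for the Strict-Transport-Security (STS) security header. Now, we only check STS for HTTP 200 requests and ignore it for HTTP 301 requests. We only penalize the server when the website is missing the Strict-Transport-Security (STS) security header or it is misconfigured. In these cases, we rate the server as "At risk".

Previously, we checked STS for HTTP 301 requests and penalized the server if it was missing the Strict-Transport-Security (STS) security header. In these cases, we rated the server as "Not secure".

To view the security header results, go to the endpoint's Server details page. In the sidebar menu, click Discovery > View Results. On the Certificates page, click View endpoints. On the Endpoints page, click the endpoint's IP address / FQDN link.

Update note: The updated STS rating system is available in the latest sensor version – 3.7.7. After the sensor updates are completed, rerun your scans to see your updated STS ratings.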
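The STS rating rule described above, sketched as an added example (not DigiCert's code): the header is judged only on HTTP 200 and skipped on HTTP 301. Treating a malformed value or max-age=0 as "misconfigured", the "ok" and "not evaluated" labels, and the sample responses are assumptions made for illustration.

```python
def parse_sts(value):
    """Return (max_age, include_subdomains), or None if malformed (RFC 6797 6.1)."""
    max_age, include_sub, seen = None, False, set()
    for raw in value.split(";"):
        name, _, arg = raw.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:  # each directive may appear only once
            return None
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not (arg.isascii() and arg.isdigit()):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)


def rate_sts(status, headers):
    """Judge STS on HTTP 200 responses only; HTTP 301 is ignored (page's rule)."""
    if status != 200:
        return "not evaluated"  # assumption: other non-200 codes are skipped too
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return "At risk"  # header missing
    parsed = parse_sts(values[0])  # RFC 6797: only the first STS header is processed
    if parsed is None or parsed[0] == 0:
        return "At risk"  # assumption: malformed or max-age=0 counts as misconfigured
    return "ok"  # placeholder label; the page names no rating for this case


# Constructed sample responses: (status code, list of header pairs).
SAMPLES = [
    (301, [("Location", "https://example.test/")]),
    (200, [("Content-Type", "text/html")]),
    (200, [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    (200, [("strict-transport-security", "includeSubDomains")]),
    (200, [("Strict-Transport-Security", "max-age=0")]),
]


def rate_all(samples=SAMPLES):
    return [rate_sts(status, headers) for status, headers in samples]

if __name__ == "__main__":
    print(rate_all())
```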

enhancement

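We improved the user invitation workflow for SAML Single Sign-On (SSO) integrations with CertCentral, allowing you to designate invitees as SSO only users before sending your account user invitations. Now, in the Invite New Users pop-up window, use the SAML Single Sign-on (SSO) only option to restrict invitees to SAML SSO only.

Note: This option disables all other authentication methods for these users. Additionally, this option only appears if you have SAML enabled for your CertCentral account.

(In the sidebar menu, click Account > User Invitations. On the User Invitations page, click Invite New Users. See SAML SSO: Invite users to join your account.)

Simplified enrollment form

We also simplified the SSO only user enrollment form, removing the password and security question requirements. Now, SSO only invitees need to add only their personal information.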

new

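We made it easier to see your Discovery certificate scan results from the CertCentral Dashboard in your account, adding the Expiring Certificates Discovered, Certificate Issuers, and Certificates Analyzed By Rating widgets.

Each widget contains an interactive chart that lets you drill down to easily find more information about expiring certificates (e.g., which certificates are expiring in 8 to 15), certificates per issuing CA (e.g., DigiCert), and certificates per security rating (e.g., Not secure).

More about Discovery

Discovery uses sensors to scan your network. Scans are centrally configured and managed from inside your CertCentral account.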

new

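In the DigiCert Services API, we updated the Order info endpoint, enabling you to see how the certificate was requested. For certificates requested via the Services API or an ACME Directory URL, we return a new response parameter: api_key. This parameter includes the key name along with the key type: API or ACME.

Note: For orders requested via another method (e.g., CertCentral account, guest request URL, etc.), the api_key parameter is omitted from the response.

Now, when viewing order details, you'll see the new api_key parameter in the response for orders requested via the API or an ACME Directory URL.

GET https://dev.digicert.com/services-api/order/certificate/{order_id}

Response: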

Order info endpoint response parameter

new

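We added a new search filter – Requested via – to the Orders page that lets you search for certificate orders requested via a specific API key or ACME Directory URL.

Now, on the Orders page, use the Requested via filter to find active, expired, revoked, rejected, pending reissue, pending, and duplicate certificates requested via a specific API key or ACME Directory URL.

(In the sidebar menu, click Certificates > Orders. On the Orders page, click Show Advanced Search. Then, in the Requested via dropdown, select the API key or ACME Directory URL name, or type its name in the box.)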

new

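We added a new tool to our CertCentral portfolio, Discovery, that provides real-time analysis of your entire SSL/TLS certificate landscape.

Designed to quickly find all your internal and public facing SSL/TLS certificates regardless of issuing Certificate Authority (CA), Discovery identifies problems in certificate configurations and implementations along with certificate-related vulnerabilities or problems in your endpoint configurations.

Note: Discovery uses sensors to scan your network. Sensors are small software applications that you install in strategic locations. Each scan is linked to a sensor.

Scans are centrally configured and managed from inside your CertCentral account. The scan results are displayed in an intuitive and interactive dashboard inside CertCentral. Configure scans to run once or multiple times on a set schedule.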