CertCentral 04-12-2022

DigiCert CertCentral Enhancements Allow for More In-Depth Discovery, Bulk Domain Validation & More


We are releasing several updates to DigiCert CertCentral® in Q2 2022 to further strengthen our certificate lifecycle management offerings and make certificate management easier. Already available are Domain Lock, which allows enterprises to better protect their domains, and .onion certificates. Starting this year, customers will also be able to bulk-validate domains via email, and certain test accounts will have access to Agent Discovery, a new, comprehensive discovery option.

Agent Discovery in CertCentral

Agent Discovery allows CertCentral customers to go beyond discovering TLS/SSL certificate information and find all the crypto assets in their environment, such as SSH keys, binaries, key stores, IP/ports and server host information. This provides deep analytics on all their certificates and complete, detailed visibility into their entire certificate library.

It's another form of discovery that allows large, distributed networks to run a deep, comprehensive scan of their environment, including discovering stale keys and certificates. Setup involves installing an agent on servers, which gives more visibility than a network scan can provide. The lightweight agent does not interfere with server operations, and because scans are quick, it uses minimal resources, so the resources needed for other tasks remain available.

Agent Discovery can find any type of crypto asset, including:

Agent Discovery is ideal for large networks needing a more fine-tuned, granular approach to discovering all the types of cryptography in their environment. There is no network overhead, and it is easily scalable as each host scans itself.

Agent Discovery will be released in beta in Q2 2022 to test accounts and will be generally available in the near future.

.onion certificates available

DigiCert is once again issuing .onion certificates to enable secure, private access through Tor with public TLS. In times of political unrest, we have seen a sharp rise in the use of Tor/Onion sites. Many news outlets and social media platforms, such as The New York Times, The Washington Post and Twitter, have .onion versions of their sites that offer anonymous media drops for whistleblowers, or for people who want to share politically sensitive news without fear of repercussions from their government.

While users accessing these tools want to remain anonymous, it is more important than ever to ensure that users are connecting to trusted services, especially when sharing sensitive information. That’s why DigiCert supports TLS certificates for hidden services (.onion sites) to ensure encrypted access to recognized sites on the Tor Network. DigiCert was the first certificate authority to issue .onion certs and one of only two certificate authorities that can issue .onion certificates today. We emphasize that when using Tor, users should look beyond the lock.

To purchase a .onion certificate through CertCentral, fill out an order form. For more details on how to order a .onion certificate from DigiCert, read this post.

Bulk Domain Validation for DCV email

Currently, when customers revalidate domains, they must request revalidation one at a time. This becomes a problem when you have hundreds or thousands of domains to revalidate in a short window (e.g., all in the same week).

With Bulk Domain Validation, customers can select up to 25 domains for revalidation at a time and can set common parameters, such as email address, administrative address and DCV method to simplify the domain revalidation process and save time.

In your CertCentral account, here is how that process looks:

Step 1 - Select domains for revalidation

Step 2 - Select language for email-based verification

Step 3 - Submit up to 25 domains for validation

We do anticipate additional DCV methods will be able to use Bulk Domain Validation soon. Furthermore, although current functionality only allows for up to 25 domains at once, we will review expanding Bulk Domain Validation in the near future.

Domain Lock

Domain Lock is available now for large enterprises and partners who want to protect their domains. When a specific domain is locked, other accounts won't be able to request certificates for that domain until the domain is unlocked or another account is added to the lock. For more information, view this step-by-step guide to Domain Lock or this knowledgebase article.

Enable domain lock so only CertCentral account members can use your domains

Create a CAA record with the account token

Other accounts will not be able to submit requests for the same domain until the domain is unlocked, or another account is added to the lock.

Learn more, stay tuned for more updates

For future updates to CertCentral, watch for announcements on the product news widget in the Overview Dashboard, available to every CertCentral user.

The product news widget is available now in CertCentral

To learn more about these updates in DigiCert CertCentral, talk to your representative and ask for a demonstration.

About DigiCert CertCentral®

DigiCert CertCentral® in DigiCert ONE™ manages all TLS/SSL certificates throughout the certificate lifecycle. The award-winning platform features a rich automation suite, continuous updates and an API-based development structure for easy implementation into popular platforms and systems like ServiceNow.

CertCentral’s automated discovery feature provides visibility into an organization’s entire certificate landscape, including certificates from third-party CAs, for active management. CertCentral offers flexible automation options for any size deployment to automate key management tasks — such as ordering, renewing, monitoring, inspecting, reissuing and revoking certificates.

CertCentral is customizable and offers scalability from a single certificate to millions. A global solution, CertCentral TLS Manager supports 12 international languages and nine global currencies.

