A New Way to Check for Chrome Distrust & Other Product Updates

In the past few days, we made more updates to DigiCert’s partner platform and SOAP API. Here’s a recap of what went live (and where).

Change Authentication Type for Pending Reissue Orders

You can now change authentication types for pending reissue orders for DV, OV, and EV certificates, from both the API and the partner portal’s Bulk Reissue Tool. This functionality works for:

  • EMAIL to/from DNS
  • EMAIL to/from FILE
  • DNS to/from FILE

Change the Authentication Type from API

Partners can now reissue orders from the API to support EMAIL, DNS, or FILE authentication types, regardless of the initial order’s authentication type. This applies to all SSL products (DV, OV, and EV) except private CA orders.

Change the Authentication Type from the Bulk Reissue Tool

You can now initiate reissue orders from the Bulk Reissue Tool to support EMAIL, DNS, or FILE authentication types, regardless of the initial order’s authentication type. This applies to all SSL products (DV, OV, and EV) except private CA orders.

Get Status Updates While an Order Is “Pending”

Partners (as well as your customers) can now view intermediate authentication states via the API Response for File and DNS Authentication and via the API and GUI for Organization, Contact, and Domains. This means you can receive status updates even when an order is “pending.”

Support for Full-Chain EV SHA-2

We enabled full-chain support for SHA-2 on EV certificates via our partner portal and API.

Enhancements for SANs

A partner portal bug is fixed, thereby restoring the ability to read the CSR’s SAN values when partners order a new SSL certificate or renew an existing SSL certificate.

For partners who have the “Don’t copy non-www value to the SAN field“ setting enabled, we restored the behavior that was in place before 1 December 2017.

Configure Order Fulfillment Emails at Enterprise Level

Partners now have the option to configure sending order fulfillment emails at an enterprise level during reissuance using the Bulk Reissue Tool.

Enhancements to CSR Validation Checking & Detail Retrieval in Bulk Reissue Tool 

We deprecated non-critical CSR validation checks from our Bulk Reissue Tool and increased its ability to save and retrieve processing details when the service is unexpectedly interrupted.

Check Individual Domains for Chrome Distrust

You can use a simple web-based tool to check whether any domain has a GeoTrust, RapidSSL, Symantec, or Thawte certificate and needs action related to upcoming releases of Google Chrome. This tool is publicly available, so partners can offer it to customers who want objective factualization of their certificate’s status. Visit it at https://www.websecurity.symantec.com/support/ssl-checker.

The upcoming deadline for Chrome 66 distrust is approaching quickly, so we recommend taking action as soon as possible on any affected certificates.

 

Posted in Partner Blog