We’ve come so far in the development of the CertCentral partner portal that it’s been in beta. And while we now must put all our available dev resources into its development, as a result, we must stop developing the legacy Website Security partner portals.
Now, don’t panic. That (^^^) doesn’t mean we’re going to ignore those battle-tested portals.
Quite to the contrary, we’re actively fixing bugs and making under-the-hood updates to support all the migrations and transitions we still need to accomplish.
And to prove that, here’s a laundry list of what we pushed live in today’s release:
- Bug Fixes
- We’ve hidden unimportant action-result combinations in our backend’s order history section, so if you ever feel like making tens of thousands of updates to an order (where we used to expect maybe up to ten instead), you can now do so without breaking the Internet – or our backend!
- We resolved when orders don’t sync to one of our backends (again).
- Some order states were not aligning correctly, so we fixed that.
- We now rate-limit access to the Sync API. Note that we sync automatically every five minutes anyway, so there’s no real need for doing that on your side.
- Important updates which (sigh) you probably won’t notice
- We’ve upgraded to supporting OpenSSL 1.1.0i as necessary for Apache HTTPD 2.4.34.
- Transition and migration stuff
- Remember when we changed validation email addresses to end with @digicert.com, and said that we’d change the rest of the email addresses sometime in the future? Yep, we changed them.
- For Encryption Everywhere, we enabled account-level settings to allow 90-day certificates on production accounts, in order to allow renewal flow testing and fulfill our pre-announcement of EOLing the EE pilot environment. If you’re using the EE pilot environment, just sign up for a second production account which you can use for testing purposes – because we’ll shut down the pilot environment on 26 October 2018.
And there’s one more change we didn’t make, but will on 27 September 2018. And this is going to require a meandering technical backstory, so stick with me:
- A Google Chrome bug didn’t show the EV indicator when leaf certs chained to DigiCert Global G2 Root, so we decided to add the Symantec policy OID to the leaf certs to match the OID in VeriSign G5 Root. As a result, all full SHA256 EV certs issued after 31 January 2018 included three policy OIDs (the DigiCert OID 2.16.840.1.114412.2.1, the Symantec OID 2.16.840.1.113722.214.171.124.6, and the CA/Browser Forum OID 126.96.36.199.1).
- We were just so very pleased with ourselves and began celebrating with cake and fizzy drinks, but then came another Chrome bug in macOS, which didn’t show the EV indicator when the leaf certs included multiple policy OIDs.
- We never got to enjoy the cake and drinks. But we did get to work quickly to get things sorted.
- Because the first Chrome bug I mentioned above has already been fixed (we confirmed the latest Chrome release shows the EV indicator when there are two policy OIDs in the leaf certs), we decided to remove the Symantec OID on 27 September 2018 to restore EV compatibility in macOS. (There’s going to be other news which will overshadow that OID removal, but it was important for us to point it out regardless). This is all represented in our latest PKI hierarchy details.
- How does this affect you? Let’s just say that if you have cake and fizzy drinks, you get to enjoy them, because there is no partner nor customer action required – with one anticipated exception: those who want to support the EV indicator on the macOS version of Chrome simply need to replace their existing full-chain SHA256 EV certificate(s). We offer certificate replacements at no charge to customers.