Website Security
Product Activity Log

What’s new and what we’re working on – December 19, 2018

importantSunsetting the Website Security Product Activity Log
 

We’re moving Website Security services over to their new DigiCert home and ending regular updates to the Product Activity Log. For the latest information about current services and upcoming changes, check your product blog or contact your account manager. Don’t worry, we’ll still email you with compliance news and product changes as they happen.

Complete Website Security and Managed PKI for SSL

importantImportant dates and activity

What’s happening?

When?

What do I need to do?

Organization and domain re-authentication

  • One year ago, we authenticated your organizations and domains for the integration of the Symantec business into DigiCert.
  • In November 2018, we begin re-authenticating your orgs and domains again, according to annual authentication requirements. This regular authentication is inconvenient but necessary to maintain security and trust for your customers, your business, and the web.

Now

  • Watch for and respond to email and phone requests to validate your orgs and domains. Pass this reminder on to your account owners, org contacts, and domain owners.

Organizational unit (OU) validation change

  • In the current verification process, the CSR OU value is checked against our blacklist during enrollment.
  • In the new verification process, the CSR OU value is checked against the whitelist of approved OU values during order processing.

July 31, 2018

Address change in certificate lifecycle emails

  • DigiCert updated the sender (or "From") address in all certificate lifecycle notifications to noreply@digicert.com. This change affects confirmation, approval, rejection, renewal, and revocation emails.

August 9, 2018

  • Check your inbox for the service announcement around August 1. Check the announcement for details including critical dates and additional support references.

What’s happening?

Organization and domain re-authentication

  • One year ago, we authenticated your organizations and domains for the integration of the Symantec business into DigiCert.
  • In November 2018, we begin re-authenticating your orgs and domains again, according to annual authentication requirements. This regular authentication is inconvenient but necessary to maintain security and trust for your customers, your business, and the web.

When?

Now

What do I need to do?

  • Watch for and respond to email and phone requests to validate your orgs and domains. Pass this reminder on to your account owners, org contacts, and domain owners.

What’s happening?

Organizational unit (OU) validation change

  • In the current verification process, the CSR OU value is checked against our blacklist during enrollment.
  • In the new verification process, the CSR OU value is checked against the whitelist of approved OU values during order processing.

When?

July 31, 2018

What do I need to do?

What’s happening?

Address change in certificate lifecycle emails

  • DigiCert updated the sender (or "From") address in all certificate lifecycle notifications to noreply@digicert.com. This change affects confirmation, approval, rejection, renewal, and revocation emails.

When?

August 9, 2018

What do I need to do?

  • Check your inbox for the service announcement around August 1. Check the announcement for details including critical dates and additional support references.

What’s new?

Live on November 15, 2018!

  • Organization and domain consolidation – As we complete our transition into DigiCert, we’re consolidating organization and domain authentication processes for all certificate types, which will simplify organization and domain statuses in your consoles. For details on how this improves your visibility into your organization and domain statuses, visit this knowledge base article.
  • Language support for DCV emails – When you resend DCV (Domain Control Validation) emails to confirm proper domain ownership, select the appropriate language for the domain owners.
  • OU validation enhancement – New organization validation requests with unverified organizational units (OU) are typically delayed for manual validation. Previously these organization requests were categorized as “pending”. For greater clarity on status, these orders now show a status of “pending OU validation”.
  • Common name in certificate email subject lines – Easily identify the relevant certificate common name (domain) in emails regarding order status and issuance.

Live on July 31, 2018!

  • Replace distrusted certificates in bulk - For accounts that have more than a few certificates at risk of browser distrust, admins can quickly replace multiple certificates in batches. Applies to Managed PKI for SSL only.
  • New organizational unit validation - DigiCert implemented a new organizational unit (OU) verification process for checking the OU included in your certificate requests. See "Important dates and activities" above.

Complete Website Security 4.6 and Managed PKI for SSL (released May 31, 2018)

  • Update certificate custom fields – In the CWS console, keep additional cert info up-to-date after initial enrollment. Under Additional information in the detailed cert view, edit any custom field. Already available in Managed PKI for SSL.
  • Identify vulnerabilities per page scanned – Vulnerability assessment report includes specific points of weakness per page, instead of only a summary of vulnerabilities found on the website. The report also includes step-by-step attack proof-of-concept and recommended solutions for discovered vulnerabilities.
  • Minimize network traffic from vulnerability and malware scans – Vulnerability assessment runs a complete scan once a month. Malware services checks your domain against a trusted blacklist of malicious websites, instead of scanning your domain every day.
  • CWS console help – The CWS help portal has moved to https://docs.digicert.com/cws/ and console links direct to the new portal. Visit the help portal for getting started, tutorials, general console usage, and support contact info.

Other updates

  • General Data Protection Regulation (GDPR) and your certificates – The European Union’s General Data Protection Regulation (GDPR), in effect as of May 25, 2018, introduces policies that may prevent us from getting the proper domain contact email from your registrars. Your domain contact is a primary method to prove domain ownership for certificate requests and domain approvals. To learn more and make sure you continue to get your certificates promptly, visit our Note on WHOIS, GDPR and Domain Validation. GDPR has no impact on valid certificates and domains.
  • EV green address bar for SHA-256 full chain certs restored in Chrome 66 – Latest stable release of Google Chrome fixes a bug that prevented the green address bar from displaying on sites with Extended Validation (EV) certs signed with SHA-256 full chain (SHA-256 signing on certificate, intermediate(s), and root).
  • Complete Website Security - Sensor installation and certificate discovery support for Red Hat Enterprise Linux 7.4 and Microsoft Windows Server 2016.
  • Complete Website Security – Agent installation and certificate automation support for Red Hat Enterprise Linux 7.4.
  • API developer documentation – The Website Security Developer Portal has moved to DigiCert at https://docs.digicert.com/api-developer-portal/. The developer portal on symantec.com will redirect to DigiCert for a limited time, so update your bookmarks soon.

What’s coming up?

  • No info at this time. Check back soon.

Secure App Service

importantImportant dates and activity

What’s happening?

When?

What do I need to do?

OCSP and CRL update for legacy Symantec certs

  • For security and compliance best practices, we are updating the Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) infrastructure for legacy Symantec TLS and code signing certificates.

May 2018

  • Make sure clients inside your network can access the new OCSP and CRL resources. Browsers, devices, and other clients that can’t access the new resources may encounter warnings or errors. Check your firewall and access control policies.
  • No action needed if network access policy defines full domain names instead of IP addresses, or if there is no access policy.

End-of-life for GeoCenter Android code signing

  • To streamline our authentication and issuance platforms with DigiCert's processes and trust hierarchies, and to remove dependencies on legacy Symantec systems, we are discontinuing Android code signing available through the GeoCenter portal and CSPub APIs.

August 1, 2018

Code signing root hierarchy migration

  • We’re continuing to streamline and strengthen the integrity of our code signing offerings.
  • Test Signing, Android, and Client Admin certificates will be issued from a new PKI hierarchy.

January 21, 2019

  • Update your development and validation environments with the new DigiCert code signing intermediate CAs and roots. Make sure you have the latest roots.
  • Otherwise no action needed:
    • New certs are automatically issued from the new DigiCert CA.
    • Existing certs signed by the Symantec CA remain valid until expiration.

What’s happening?

OCSP and CRL update for legacy Symantec certs

  • For security and compliance best practices, we are updating the Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) infrastructure for legacy Symantec TLS and code signing certificates.

When?

May 2018

What do I need to do?

  • Make sure clients inside your network can access the new OCSP and CRL resources. Browsers, devices, and other clients that can’t access the new resources may encounter warnings or errors. Check your firewall and access control policies.
  • No action needed if network access policy defines full domain names instead of IP addresses, or if there is no access policy.

What’s happening?

End-of-life for GeoCenter Android code signing

  • To streamline our authentication and issuance platforms with DigiCert's processes and trust hierarchies, and to remove dependencies on legacy Symantec systems, we are discontinuing Android code signing available through the GeoCenter portal and CSPub APIs.

When?

August 1, 2018

What do I need to do?

What’s happening?

Code signing root hierarchy migration

  • We’re continuing to streamline and strengthen the integrity of our code signing offerings.
  • Test Signing, Android, and Client Admin certificates will be issued from a new PKI hierarchy.

When?

January 21, 2019

What do I need to do?

  • Update your development and validation environments with the new DigiCert code signing intermediate CAs and roots. Make sure you have the latest roots.
  • Otherwise no action needed:
    • New certs are automatically issued from the new DigiCert CA.
    • Existing certs signed by the Symantec CA remain valid until expiration.

What’s new?

Live on October 30!

Live on August 2!

  • Securely sign autonomous build applications in Apache Ant or Gradle. Integrate SAS with Ant or Gradle continuous integration tools to sign applications using the Secure App Services Java CSP.
  • Integration and workflow testing in your production account – Set up and run all activities in your regular production account, instead of creating and managing a separate pilot account.

Live on July 19!

  • Securely sign Android apps with hash signing – Use the Secure App Services Java CSP hash signing service to sign large Android apps faster.
  • Securely sign autonomous build applications for Apache Maven – Integrate SAS with Apache Maven to sign applications from autonomous builds using the Secure App Services Java CSP. For API integration details, go to Website Security Developer Portal.

Other updates

  • API developer documentation – The Website Security Developer Portal has moved to DigiCert at https://docs.digicert.com/api-developer-portal/. The developer portal on symantec.com will redirect to DigiCert for a limited time, so update your bookmarks soon.

What’s coming up?

  • No info at this time. Check back soon.

Partners and Resellers

importantImportant dates and activity

What’s happening?

When?

What do I need to do?

OCSP and CRL update for legacy Symantec certs

  • For security and compliance best practices, we are updating the Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) infrastructure for legacy Symantec TLS and code signing certificates.

May 2018

  • Make sure clients inside your network can access the new OCSP and CRL resources. Browsers, devices, and other clients that can’t access the new resources may encounter warnings or errors. Check your firewall and access control policies.
  • No action needed if network access policy defines full domain names instead of IP addresses, or if there is no access policy.

Address change in certificate lifecycle emails

  • DigiCert updated the sender (or "From") address in validation-related notifications to @digicert.com addresses.

August 9, 2018

  • Check your inbox for the service announcement around August 1. Check the announcement for details including critical dates and additional support references.

What’s happening?

OCSP and CRL update for legacy Symantec certs

  • For security and compliance best practices, we are updating the Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) infrastructure for legacy Symantec TLS and code signing certificates.

When?

May 2018

What do I need to do?

  • Make sure clients inside your network can access the new OCSP and CRL resources. Browsers, devices, and other clients that can’t access the new resources may encounter warnings or errors. Check your firewall and access control policies.
  • No action needed if network access policy defines full domain names instead of IP addresses, or if there is no access policy.

What’s happening?

Address change in certificate lifecycle emails

  • DigiCert updated the sender (or "From") address in validation-related notifications to @digicert.com addresses.

When?

August 9, 2018

What do I need to do?

  • Check your inbox for the service announcement around August 1. Browsers, devices, and other clients that can’t access the new resources may encounter warnings or errors. Check the announcement for details including critical dates and additional support references.

What’s new?

Go live in May 2018!

  • Bonaire (BQ) and Curaçao (CW) are now valid country codes, and if you are a natural and legal resident of either you can now order our certificates.
  • You can use shared key-based file authentication for their enterprises now. To activate this feature, contact support.
  • Get 1 and 2-year certificates in the pilot environment – Previously only 7-day certs were allowed. Now you can get standard-term certs for testing. Short-term 7-day certs are still available.
  • Add SANs after the initial request – Add subject alternative names to a cert order even when the original request didn’t include SANs.

Other updates

  • General Data Protection Regulation (GDPR) and your certificates – The European Union’s General Data Protection Regulation (GDPR), in effect as of May 25, 2018, introduces policies that may prevent us from getting the proper domain contact email from your registrars. Your domain contact is a primary method to prove domain ownership for certificate requests and domain approvals. To learn more and make sure you continue to get your certificates promptly, visit our Note on WHOIS, GDPR and Domain Validation. GDPR has no impact on valid certificates and domains.
  • API developer documentation – The Website Security Developer Portal has moved to DigiCert at https://docs.digicert.com/api-developer-portal/. The developer portal on symantec.com will redirect to DigiCert for a limited time, so update your bookmarks soon.
  • symantec.com email address migration – Our email services continue to migrate from symantec.com addresses to digicert.com addresses. Let your customers know so they’re not confused by updates and alerts from digicert.com. Also make sure your own mail services receive and deliver email from digicert.com.
  • Cert requests with the country code AN (Netherland Antilles) no longer accepted – Make sure your APIs and other processes are updated.

What's coming up?

Coming December 20

  • Re-use Domain Control Validation approvals for faster cert issuance – Skip the DCV step for domains that were already approved through DCV.
  • State field not required in Thawte certs – For organizations located in countries without distinctive state/provinces.

Want to know more?

  • Check out the Partner Blog for insider insight on the latest DigiCert partner and reseller activity.

Managed PKI

importantImportant dates and activity

What’s happening?

When?

What do I need to do?

Transition to DigiCert S/MIME and Client Authentication roots for Managed PKI 7 and 8

  • As part of the transition and for root consolidation DigiCert will transition issuance of S/MIME and Client Authentication certificates in Managed PKI 7.x and 8.x from legacy Symantec roots to DigiCert public trusted roots.

December 31, 2018

  • Assess the impact this transition may have on your issued certificates. Check this knowledge base article for details and help.
  • For partners and affiliates, watch this space or contact your account manager. More details coming soon.

Managed PKI 7.X: Automated Administration (AA) certificate renewal

  • We’re renewing and auto-replacing the AA certificate for Managed PKI 7 services. The current AA cert expires on August 17, 2018.

Starting August 7, 2018

  • Check your inbox for the July 23 service announcement. No disruption to your services expected, but you’ll need to make sure the new AA cert is installed correctly.
  • No action needed if you don’t use Automated Admin (your cert requests are approved manually or through passcode authentication).

Address change in certificate lifecycle emails

  • DigiCert updated the sender (or "From") address in renewal notifications to noreply@digicert.com.

August 13, 2018

  • Check your inbox for the service announcement around August 1. Check the announcement for details including critical dates, test resources, and additional support references.
  • Customized notifications are also altered. Check the announcement for instructions to re-configure your notifications.

Transition to DigiCert TLS hierarchy for Managed PKI 7 and 8

  • As part of the DigiCert acquisition, we are transitioning Symantec root CAs to DigiCert and ending support for legacy verisign.com services.

Now through end of 2018

  • Check your inbox for the June 19 service announcement. This communication provides further details, including critical dates, test resources, and additional support references.
  • Make sure you have the latest DigiCert root hierarchy in your Managed PKI environment. Recommended for compliance best practices and uninterrupted service.
  • Replace verisign.com services in your Managed PKI environment with correct symauth.com URLs. Services on verisign.com will be discontinued at the end of 2018.
  • For more information:

What’s happening?

Transition to DigiCert S/MIME and Client Authentication roots for Managed PKI 7 and 8

  • As part of the transition and for root consolidation DigiCert will transition issuance of S/MIME and Client Authentication certificates in Managed PKI 7.x and 8.x from legacy Symantec roots to DigiCert public trusted roots.

When?

December 31, 2018

What do I need to do?

  • Assess the impact this transition may have on your issued certificates. Check this knowledge base article for details and help.
  • For partners and affiliates, watch this space or contact your account manager. More details coming soon.

What’s happening?

Managed PKI 7.X: Automated Administration (AA) certificate renewal

  • We’re renewing and auto-replacing the AA certificate for Managed PKI 7 services. The current AA cert expires on August 17, 2018.

When?

Starting August 7, 2018

What do I need to do?

  • Check your inbox for the July 23 service announcement. No disruption to your services expected, but you’ll need to make sure the new AA cert is installed correctly.
  • No action needed if you don’t use Automated Admin (your cert requests are approved manually or through passcode authentication).

What’s happening?

Address change in certificate lifecycle emails

  • DigiCert updated the sender (or "From") address in renewal notifications to noreply@digicert.com.

When?

August 13, 2018

What do I need to do?

  • Check your inbox for the service announcement around August 1. Check the announcement for details including critical dates, test resources, and additional support references.
  • Customized notifications are also altered. Check the announcement for instructions to re-configure your notifications.

What’s happening?

Transition to DigiCert TLS hierarchy for Managed PKI 7 and 8

  • As part of the DigiCert acquisition, we are transitioning Symantec root CAs to DigiCert and ending support for legacy verisign.com services.

When?

Now through end of 2018

What do I need to do?

  • Check your inbox for the June 19 service announcement. This communication provides further details, including critical dates, test resources, and additional support references.
  • Make sure you have the latest DigiCert root hierarchy in your Managed PKI environment. Recommended for compliance best practices and uninterrupted service.
  • Replace verisign.com services in your Managed PKI environment with correct symauth.com URLs. Services on verisign.com will be discontinued at the end of 2018.
  • For more information:

What’s new?

June 19

  • MPKI 7 certificate profile updates for DigiCert - As part of the Symantec PKI services move to DigiCert, we updated certificate profiles to replace legacy verisign.com URLs with new digicert.com URLs. No action needed on your part. What’s changing?

Other updates

  • Managed PKI:
    • Microsoft Intune integration for managing certificates on mobile devices. Contact your account manager or customer support for more information.
  • CI Plus:
    • Ability to request certificates for devices with Enhanced Content Protection (ECP).

What’s coming up?

  • No info at this time. Check back soon.

We have updated our Privacy Policy which can be found here.