Services API updates for client certificate workflows

On August 29, 2023, at 10:00 MDT (16:00 UTC), CertCentral will make changes to the S/MIME certificate issuance process to align with the new Baseline Requirements for the Issuance and Management of Publicly‐Trusted S/MIME Certificates.

As we update our systems to comply with the new Secure Email (S/MIME) baseline requirements, we need to update the Services API workflows for managing S/MIME certificates in CertCentral. This article contains detailed information about the API changes. Make sure to save this page and check it frequently, as we will update this article as new information becomes available.

To learn more about the new industry requirements for public S/MIME certificates, see our knowledge base article.

Order info API: New product validation type for client certificates

On August 1, 2023, for client certificate orders, we updated the Order info API endpoint to return data describing the type of organization validation DigiCert will use for client certificates after August 29.

Background

The Order info API endpoint returns a product object with information about the type of certificate on the order. For certificates that require organization validation, the product object includes parameters describing the type of organization validation used for the product:

validation_type
validation_description
validation_name

After this update, for client certificates that require organization validation, these fields return values associated with SMIME Organization Validation. Before, these fields returned values associated with Normal Organization Validation.

Examples

Example Order info API responses for client certificates, truncated for brevity:

Example 1. Now: Response after August 1

{
... 
   "product": {
        "csr_required": false,
        "name": "Premium",
        "name_id": "client_premium",
        "type": "client_certificate",
        "validation_description": "SMIME Organization Validation",
        "validation_name": "SMIME",
        "validation_type": "smime"
    },
...
}

Example 2. Before: Response before August 1

{
... 
   "product": {
        "csr_required": false,
        "name": "Premium",
        "name_id": "client_premium",
        "type": "client_certificate",
        "validation_description": "Normal Organization Validation",
        "validation_name": "OV",
        "validation_type": "ov",
    },
...
}

How does this affect my API client integration?

If you use the Order info API endpoint to retrieve validation information from the product object, make sure your integration can handle the new validation type values for client certificates.

Otherwise, this change is compatible with existing workflows for validating organizations and requesting client certificates:

Until August 29, you can continue ordering client certificates for organizations with an active Normal Organization Validation (OV).
After August 29, when ordering client certificates for an organization without active SMIME Organization Validation, DigiCert will automatically submit the organization for SMIME validation.

Deprecated organization units (OUs)

Starting August 29, 2023, DigiCert will no longer include the organization unit field on public S/MIME certificates. In the Services API, the organization_unit request parameter will be ignored in requests to create orders for public S/MIME certificates.

New Secure Email (S/MIME) products

Starting August 29, 2023, DigiCert offers three new types of Secure Email (S/MIME) certificate:

Secure Email for Individual: secure_email_mailbox
Certificate for individuals to sign and secure emails. These certificates do not require organization validation.
Secure Email for Business:secure_email_sponsor
Certificate for individuals within an organization to sign and secure emails.
Secure Email for Organization:secure_email_organization
Certificate to sign and secure emails for an organization.

To learn how to request these products with the Services API, see the API reference: Order Secure Email (S/MIME) certificate.

In this section: