October 19, 2022: Code Signing and EV Code Signing verified contact updates

Starting October 19, 2022, DigiCert will require organizations on Code Signing (CS) and EV Code Signing (EV CS) certificate orders to have a verified contact.

DigiCert has always required a verified contact from the organization to approve code signing certificate orders before we issue the certificate. Today, DigiCert can add a verified contact to an organization during the validation process. After October 19, verified contacts must be submitted with the organization.

To make the transition easier, when you submit a request to the Order code signing certificate API endpoint, DigiCert will default to adding the authenticated user (the user who owns the API key in the request) as a verified contact for the organization.

DigiCert will apply this default when:

  • The organization in the API request has no verified contacts who can approve CS or EV CS orders.
  • The API request body does not specify a new verified contact to add to the organization.
  • The authenticated user has a job title and phone number.

How does this affect me?

This change affects you if:

  • You use the CertCentral Services API to submit CS or EV CS certificate orders.
  • You sometimes submit CS or EV CS certificate orders for organizations that do not have a verified contact.

What can I do?

To avoid a lapse in service, make sure users in your CertCentral account with active API keys have a phone number and job title. You can update user details in the CertCentral console, or you can use these API endpoints to list API keys and to list and update user details:

Alternately, make sure organizations on CS and EV CS orders have a verified contact: