DigiCert’s domain control validation (DCV) library benefits the WebPKI community by reducing compliance issues and simplifying the validation process. All non-ACME domain validation (DV) methods are available in the library as open source.
Domain control validation (also known as domain validation) is a process used by public certificate authorities (CAs) to verify that the individual or organization requesting a TLS/SSL certificate has control over the domain for which the certificate is being issued. This is a fundamental and critical step in the process of issuing TLS/SSL certificates and ensures that only individuals or entities with legitimate control over a domain are issued a certificate for that domain.
The CA/Browser Forum's Baseline Requirements (BRs) specify how a CA must validate that an applicant owns or controls a domain. They define a fixed set of permitted methods built on email, DNS records, and HTTP/HTTPS; most of them work by having the applicant place a CA-generated random value or request token somewhere that only the domain's controller can write to, such as a DNS record for the domain or a file under /.well-known/pki-validation/, after which the CA confirms that the value is actually there.
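To make the DNS and HTTP methods concrete, here is an added example (written for this page, not code from DigiCert's DCV library) of how a CA-side check for the two most common methods can be structured. It assumes the BR limits of at least 112 bits of entropy and a 30-day lifetime for the random value, picks `_dcv.` as its underscore label (the BRs allow any), treats the last DNS label as the public suffix (a simplification; a real CA uses the Public Suffix List), and runs against a constructed zone and web tree instead of live DNS and HTTP:

```python
"""Added example, not code from DigiCert's DCV library: a CA-side check for the
DNS change (BR 3.2.2.4.7) and agreed-upon change to website v2 (BR 3.2.2.4.18)
methods, run against constructed DNS and HTTP fixtures."""
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# BR 3.2.2.4: a Random Value needs at least 112 bits of entropy and may be
# relied on for at most 30 days after it is created.
RANDOM_VALUE_BYTES = 16                      # 128 bits >= 112
RANDOM_VALUE_LIFETIME = timedelta(days=30)
WELL_KNOWN_PATH = "/.well-known/pki-validation/"
DNS_PREFIX = "_dcv."   # underscore label of this example's choosing (BRs allow any)


def new_random_value():
    return secrets.token_hex(RANDOM_VALUE_BYTES)


@dataclass
class Challenge:
    fqdn: str            # FQDN the applicant asked the CA to validate
    random_value: str
    created: datetime

    def expired(self, now):
        return now - self.created > RANDOM_VALUE_LIFETIME


def authorization_domain_names(fqdn):
    """The FQDN and each parent domain where the BRs allow the proof to be
    placed. Assumption of this example: the last label is the public suffix;
    a real CA consults the Public Suffix List so that e.g. "co.uk" is never
    accepted as an Authorization Domain Name."""
    labels = fqdn.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def verify_dns(challenge, lookup_txt, now):
    """lookup_txt(name) -> list of TXT strings. Accepts the Random Value at an
    Authorization Domain Name or at an underscore-prefixed label under it."""
    if challenge.expired(now):
        return False, "random value expired"
    for adn in authorization_domain_names(challenge.fqdn):
        for name in (adn, DNS_PREFIX + adn):
            for txt in lookup_txt(name):
                # constant-time compare: the resolver's answer is attacker-influenced
                if hmac.compare_digest(txt.strip().encode(), challenge.random_value.encode()):
                    return True, "TXT match at " + name
    return False, "no matching TXT record"


def verify_http(challenge, fetch, now, filename="dcv.txt"):
    """fetch(url) -> response body or None. The file must live under
    /.well-known/pki-validation/ on an Authorization Domain Name over port 80
    or 443; redirect handling, which the BRs restrict, is left to the fetcher."""
    if challenge.expired(now):
        return False, "random value expired"
    for adn in authorization_domain_names(challenge.fqdn):
        for scheme in ("http", "https"):
            body = fetch(scheme + "://" + adn + WELL_KNOWN_PATH + filename)
            if body is not None and challenge.random_value in body:
                return True, "file match at " + adn
    return False, "no matching well-known file"


# --- constructed fixtures standing in for live DNS and HTTP ------------------
CHALLENGE = Challenge("www.example.com", new_random_value(),
                      datetime(2024, 1, 1, tzinfo=timezone.utc))

FAKE_ZONE = {   # proof placed at the apex under an underscore label
    "_dcv.example.com": [CHALLENGE.random_value],
    "www.example.com": ["v=spf1 -all"],
}
FAKE_WEB = {"http://www.example.com" + WELL_KNOWN_PATH + "dcv.txt":
            CHALLENGE.random_value + "\n"}


def fake_lookup_txt(name):
    return FAKE_ZONE.get(name, [])


def fake_fetch(url):
    return FAKE_WEB.get(url)


def run_demo():
    fresh = CHALLENGE.created + timedelta(days=1)
    stale = CHALLENGE.created + timedelta(days=31)
    other = Challenge("www.attacker.test", CHALLENGE.random_value, CHALLENGE.created)
    return {
        "dns": verify_dns(CHALLENGE, fake_lookup_txt, fresh)[0],
        "http": verify_http(CHALLENGE, fake_fetch, fresh)[0],
        "dns_expired": verify_dns(CHALLENGE, fake_lookup_txt, stale)[0],
        # same token, but looked up under a different domain: must not validate
        "other_domain": verify_dns(other, fake_lookup_txt, fresh)[0],
    }


if __name__ == "__main__":
    print(run_demo())
```

The two failure branches are the ones that matter in practice: a token that is still present after its lifetime must not be honoured, and a token found under a name that is not an Authorization Domain Name for the requested FQDN proves nothing, however well it matches.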
Because certificate issuance hinges on this step, a flaw in the validation process can lead to mis-issuance of certificates to malicious actors, who can then impersonate the domain in fraud, phishing, and malware campaigns.
Opening these libraries to thorough community review and ongoing improvement helps every certificate authority keep its domain validation process at a high level of quality.
Anyone can get access to DigiCert's DCV library and contribute to this code through GitHub.
Why did DigiCert leave ACME validation out of this release?
Initially, we assumed the Let's Encrypt ACME libraries were likely sufficient. However, we've received a lot of interest from the community in seeing our ACME implementation, so we may add that code at a later date. We fully support ACME, and all DigiCert customers have access to it by default.

Under what open-source license is the code released?
We have released the code under the MIT license, a famously permissive license. Anyone is free to use, modify, distribute, and even sell the code, provided the copyright and permission notice are retained in copies of the software.

How can I participate in this project?
The project is housed on GitHub.

What programming languages and architectures are used in the code?
The project is implemented in Java and containerized. We have been working on containerization for a variety of reasons, including preparation for supporting Multi-Perspective Validation, in which each check is repeated from several network vantage points so that an attacker who can hijack routes near a single vantage point cannot pass validation.
pkilint is an open-source certificate linter—a type of software used to analyze digital certificates for errors or compliance issues. Using automation, the linter rapidly analyzes and flags problems, either during the certificate issuance process or as a way to audit the conformity of large directories of previously issued certificates.
DigiCert’s pkilint framework can be adapted to any certificate type to test against the specifications outlined in standards that apply to digital certificate formats.
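To show what "adapted to any certificate type to test against a specification" looks like in code, here is an added example written for this page; it is not pkilint's API or code. It sketches the shape of a profile-driven linter: each lint inspects a simplified stand-in for a decoded certificate (a real linter would parse DER or PEM) and returns findings tagged with a severity, so the same engine can gate issuance or audit an archive. The rules encode a few TLS Baseline Requirements constraints (398-day maximum validity, RSA of at least 2048 bits or EC on P-256/P-384, a required subjectAltName that covers the commonName, and a positive serial of at most 20 octets, with a warning when it carries fewer than 64 bits); the sample certificates are constructed.

```python
"""Added example, not pkilint's API: the shape of a profile-driven certificate
linter. Each lint inspects a simplified parsed certificate and returns findings
tagged with a severity, so one engine can gate issuance or audit an archive."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Cert:
    """Stand-in for a decoded X.509 certificate; a real linter takes DER/PEM."""
    subject_cn: str
    sans: list
    not_before: datetime
    not_after: datetime
    key_type: str        # "RSA" or "EC"
    key_bits: int        # modulus size, or curve size for EC
    serial: int


@dataclass
class Finding:
    lint: str
    severity: str        # "ERROR": violates a requirement; "WARNING": likely problem
    message: str


# Lints encode the TLS Baseline Requirements (BR) profile; each returns a list
# of (severity, message) tuples, empty when the certificate passes.
def lint_validity_period(c):
    # BR 6.3.2: subscriber certificates valid for at most 398 days
    if c.not_after <= c.not_before:
        return [("ERROR", "notAfter must be later than notBefore")]
    if c.not_after - c.not_before > timedelta(days=398):
        return [("ERROR", "validity period exceeds 398 days")]
    return []


def lint_serial_number(c):
    # RFC 5280 4.1.2.2: positive integer, at most 20 octets when DER-encoded;
    # BR 7.1: at least 64 bits of CSPRNG output, so very short values are suspect
    if c.serial <= 0:
        return [("ERROR", "serial number must be a positive integer")]
    if c.serial.bit_length() // 8 + 1 > 20:
        return [("ERROR", "serial number exceeds 20 octets")]
    if c.serial.bit_length() < 64:
        return [("WARNING", "serial number may carry fewer than 64 bits of entropy")]
    return []


def lint_key_strength(c):
    # BR 6.1.5: RSA modulus >= 2048 bits; EC keys on P-256 or P-384
    if c.key_type == "RSA" and c.key_bits < 2048:
        return [("ERROR", "RSA modulus smaller than 2048 bits")]
    if c.key_type == "EC" and c.key_bits not in (256, 384):
        return [("ERROR", "EC key is not on P-256 or P-384")]
    return []


def lint_subject_alt_name(c):
    # BR 7.1.2.7.12: subjectAltName required; CN, if present, must be a SAN entry
    if not c.sans:
        return [("ERROR", "subjectAltName extension is missing or empty")]
    if c.subject_cn and c.subject_cn.lower() not in (s.lower() for s in c.sans):
        return [("ERROR", "commonName %r is not present in subjectAltName" % c.subject_cn)]
    return []


LINTS = {
    "validity_period": lint_validity_period,
    "serial_number": lint_serial_number,
    "key_strength": lint_key_strength,
    "subject_alt_name": lint_subject_alt_name,
}


def run_lints(cert, lints=LINTS):
    """Run every lint in the profile; the returned list is empty for a clean cert."""
    return [Finding(name, sev, msg)
            for name, fn in lints.items() for sev, msg in fn(cert)]


# --- constructed sample certificates ----------------------------------------
START = datetime(2024, 1, 1, tzinfo=timezone.utc)
GOOD_CERT = Cert("www.example.com", ["www.example.com", "example.com"],
                 START, START + timedelta(days=397), "RSA", 2048,
                 0xA3D4C2B1E0F98765)          # 64-bit random-looking serial
BAD_CERT = Cert("www.example.com", [],
                START, START + timedelta(days=825), "RSA", 1024, 12345)


if __name__ == "__main__":
    for f in run_lints(BAD_CERT):
        print(f.severity, f.lint, f.message)
```

Keeping the profile as a dictionary of independent lints is what makes the approach portable: an S/MIME or OCSP profile is the same engine with a different table, and a finding's severity lets an issuance pipeline block on ERRORs while only reporting WARNINGs.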
pkilint was developed based on DigiCert’s experience using certificate linters in high-volume environments. The pkilint framework provides several advantages over existing approaches:
In addition to pkilint, DigiCert recently released an open-source tool called SMBR-Cert-Factory that lets users generate test certificates compliant with the different certificate profiles defined in the S/MIME Baseline Requirements.
Can I run the certificate linter on my local computer?
To run a certificate check on your local computer, download the open-source certificate linter from GitHub.

What's next for pkilint development?
The pkilint framework is easily expandable to analyze other digital certificate types and aspects of PKI, such as CRL and OCSP implementations. DigiCert is also planning to use the framework to add lints that cover the changes introduced by CA/B Forum Ballot SC-62 for TLS certificate profiles. Developers who are interested in contributing to pkilint can do so on the project's GitHub page. Read more at the pkilint repository on

What is PKI?
Public key infrastructure (PKI) is the system of processes, technologies, and policies used to issue and manage digital certificates, which bind a public key to the identity of a user, device, or service so that data can be encrypted and signed. Public PKI is the part of it used to issue certificates that browsers and operating systems trust by default: TLS/SSL certificates for public domains and web servers, which are also recorded in public Certificate Transparency logs, and S/MIME certificates for email.