DigiCert KeyLocker

You may have been notified about version 1.153.0 of KeyLocker tools; however, if you have already downloaded version 1.46.0 of the KeyLocker client tools, there is no need to update your client tools to the latest version as the changes made do not affect KeyLocker users.

You may have been notified about version 1.52.00 of KeyLocker tools; however, if you have already downloaded version 1.46.0 of the KeyLocker client tools, there is no need to update your client tools to the latest version as the changes made do not affect KeyLocker users.

You may have been notified about version 1.50.0 of KeyLocker tools; however, if you have already downloaded version 1.46.0 of the KeyLocker client tools, there is no need to update your client tools to the latest version as the changes made do not affect KeyLocker users.

You may have been notified about version 1.49.0 of KeyLocker tools; however, if you have already downloaded version 1.46.0 of the KeyLocker client tools, there is no need to update your client tools to the latest version as the changes made do not affect KeyLocker users.

KeyLocker accounts' end dates now automatically reflect the expiry date of the longest-valid certificate within the account. Users can align the account expiry date manually using the Sync certificate feature or wait for the automated sync job, which runs every Sunday at 2 AM, to ensure account end dates are accurately updated to match the latest certificate expiry.

You may have been notified about an updated version of KeyLocker tools; however, if you have already downloaded version 1.46.0 of the KeyLocker client tools, there is no need to update your client tools to the latest version as the changes made do not affect KeyLocker users.

We identified that the SMCTL and PKCS11 library was unintentionally excluded in version 1.46.0 of the Mac Clients. We have rectified this issue without altering the version number. If you've already installed this version, download it again to ensure you have access to all required client tools.

We added a JCE library to our Client tool repository. JCE is part of the Java Development Kit (JDK) that facilitates digital signing of Java Archive (JAR) files and related artifacts. Using JCE for signing is preferred over PKCS11 and KSP library options due to its compatibility with various operating systems (Windows, Linux, macOS, Solaris, and AIX) and Java architectures, including 64-bit, 32-bit, and ARM processors.

You may have been notified about an updated version of KeyLocker tools; however, if you have already downloaded version 1.41.0 of the KeyLocker client tools, there is no need to update your client tools to the latest version as the changes made do not affect KeyLocker users.

We have resolved an issue where the Certificate details page became skewed when multiple users were assigned as the certificate signer. This update ensures that the names are displayed clearly, without compromising user experience.

We have removed references to signature limits for certificates purchased before November 3, 2024. This update aligns with our commitment to honor the service agreement at the time of purchase.

The sync certificate feature retrieves the latest certificate status from CertCentral. This action is used if your order status in CertCentral is different to your status in DigiCert® KeyLocker. While this works correctly, we noticed that after syncing the certificate, the keypair alias was not immediately displayed in the certificate details page. We have corrected this and all relevant information should display as expected.

We have fixed an issue on the Certificates tab where filtering by keypair alias did not apply correctly, resulting in multiple certificates being listed. Now, when filtering by keypair alias, only the certificate associated with the specified keypair alias will be displayed in the list, ensuring accurate and streamlined results for users.

When a user ran the smctl healthcheck command and no signing tools were found in their system, the log files listed the following error message: "Error Tools cannot be null." We updated the error message to: "Unable to detect compatible signing tools." to improve the clarity that the user needs to install third-party signing tools.

KeyLocker implemented technical controls to enforce signature and signer limits on KeyLocker certificates purchased as stated in DigiCert's service terms on or after November 3, 2023. You can designate a user as the signer for the certificate in the Certificates tab in DigiCert​​®​​ KeyLocker. To increase the signature limit of your certificate, you can purchase additional signatures in increments of 1,000 from CertCentral. Learn more

As an ongoing effort, we have improved the scalability and reliability of DigiCert​​®​​ KeyLocker. These updates ensures seamless operations even during peak usage and provides our users with a more efficient and robust user experience.

CertCentral now issues certificates off SHA-384 signature algorithm ICAs. While previously limited to SHA-256, this update enables users to utilize SHA-384 signatures based on their CA and ICA settings within CertCentral. Users can seamlessly leverage this feature to further strengthen their certificate management workflows.

We identified an issue preventing the download of DigiCert​​®​​ KeyLocker client tools via the no authentication API endpoint: /signingmanager/api-ui/v1/releases/noauth/{releaseName}/download and CI/CD plugins. We have fixed this issue, and users should be able to successfully download our client tools using the endpoint referred to above and DigiCert​​®​​ KeyLocker plugins.

You may have been notified about an updated version of KeyLocker tools; however, if you have already downloaded version 1.41.0 of the KeyLocker client tools, there is no need to update your client tools to the latest version as the changes made do not affect KeyLocker users.