Skip to main content

DigiCert KeyLocker

Release notes

June 19, 2024

DigiCert® ONE version: 1.7645.2 | DigiCert KeyLocker: 1.782.0

Enhancements

Account end date sync

KeyLocker accounts' end dates now automatically reflect the expiry date of the longest-valid certificate within the account. Users can align the account expiry date manually using the Sync certificate feature or wait for the automated sync job, which runs every Sunday at 2 AM, to ensure account end dates are accurately updated to match the latest certificate expiry.

May 22, 2024

DigiCert® ONE version: 1.7460.3 | DigiCert KeyLocker: 1.775.0

Enhancements

Version number change for KeyLocker client tools

You may have been notified about an updated version of KeyLocker tools; however, if you have already downloaded version 1.46.0 of the KeyLocker client tools, there is no need to update your client tools to the latest version as the changes made do not affect KeyLocker users.

May 15, 2024

DigiCert® ONE version: 1.7460.2 | DigiCert KeyLocker: 1.771.0

Fixes

SMCTL and PKCS11 library added to version 1.46.0 of Mac Clients

We identified that the SMCTL and PKCS11 library was unintentionally excluded in version 1.46.0 of the Mac Clients. We have rectified this issue without altering the version number. If you've already installed this version, download it again to ensure you have access to all required client tools.

May 8, 2024

DigiCert® ONE version: 1.7460.1 | DigiCert KeyLocker: 1.770.0

New

Java Cryptography Extension (JCE) library

We added a JCE library to our Client tool repository. JCE is part of the Java Development Kit (JDK) that facilitates digital signing of Java Archive (JAR) files and related artifacts. Using JCE for signing is preferred over PKCS11 and KSP library options due to its compatibility with various operating systems (Windows, Linux, macOS, Solaris, and AIX) and Java architectures, including 64-bit, 32-bit, and ARM processors.

Enhancements

Version number change for KeyLocker client tools

You may have been notified about an updated version of KeyLocker tools; however, if you have already downloaded version 1.41.0 of the KeyLocker client tools, there is no need to update your client tools to the latest version as the changes made do not affect KeyLocker users.

April 3, 2024

DigiCert® ONE version: 1.7277.0 | DigiCert KeyLocker: 1.765.0

Fixes

Users assigned to certificates

We have resolved an issue where the Certificate details page became skewed when multiple users were assigned as the certificate signer. This update ensures that the names are displayed clearly, without compromising user experience.

Signature limit for certificates purchased before November 3, 2024

We have removed references to signature limits for certificates purchased before November 3, 2024. This update aligns with our commitment to honor the service agreement at the time of purchase.

Keypair alias not displayed after syncing certificate

The sync certificate feature retrieves the latest certificate status from CertCentral. This action is used if your order status in CertCentral is different to your status in DigiCert® KeyLocker. While this works correctly, we noticed that after syncing the certificate, the keypair alias was not immediately displayed in the certificate details page. We have corrected this and all relevant information should display as expected.

Keypair alias filter

We have fixed an issue on the Certificates tab where filtering by keypair alias did not apply correctly, resulting in multiple certificates being listed. Now, when filtering by keypair alias, only the certificate associated with the specified keypair alias will be displayed in the list, ensuring accurate and streamlined results for users.

March 20, 2024

DigiCert® ONE version: 1.7083.4 | DigiCert KeyLocker: 1.756.0

Fixes

Healthcheck error updated

When a user ran the smctl healthcheck command and no signing tools were found in their system, the log files listed the following error message: "Error Tools cannot be null." We updated the error message to: "Unable to detect compatible signing tools." to improve the clarity that the user needs to install third-party signing tools.

March 19, 2024

DigiCert® ONE version: 1.7083.3 | DigiCert KeyLocker: 1.753.0

Enhancements

Signature and user limits for certificates purchased after November 3, 2024

KeyLocker implemented technical controls to enforce signature and signer limits on KeyLocker certificates purchased as stated in DigiCert's service terms on or after November 3, 2023. You can designate a user as the signer for the certificate in the Certificates tab in DigiCert​​®​​ KeyLocker. To increase the signature limit of your certificate, you can purchase additional signatures in increments of 1,000 from CertCentral. Learn more

March 13, 2024

DigiCert® ONE version: 1.7083.2 | DigiCert KeyLocker: 1.751.0

Fixes

Improved scalability and reliability

As an ongoing effort, we have improved the scalability and reliability of DigiCert​​®​​ KeyLocker. These updates ensures seamless operations even during peak usage and provides our users with a more efficient and robust user experience.

February 14, 2024

DigiCert® ONE version: 1.6887.2 | DigiCert KeyLocker: 1.731.0

New

SHA-384 signature algorithm ICAs

CertCentral now issues certificates off SHA-384 signature algorithm ICAs. While previously limited to SHA-256, this update enables users to utilize SHA-384 signatures based on their CA and ICA settings within CertCentral. Users can seamlessly leverage this feature to further strengthen their certificate management workflows.

February 8, 2024

DigiCert® ONE version: 1.6887.1 | DigiCert KeyLocker: 1.724.0

Fixes

Client tool download via API and plugins

We identified an issue preventing the download of DigiCert​​®​​ KeyLocker client tools via the no authentication API endpoint: /signingmanager/api-ui/v1/releases/noauth/{releaseName}/download and CI/CD plugins. We have fixed this issue, and users should be able to successfully download our client tools using the endpoint referred to above and DigiCert​​®​​ KeyLocker plugins.

February 7, 2024

DigiCert® ONE version: 1.6887.0 | DigiCert KeyLocker: 1.723.0

Enhancements

Version number change for KeyLocker client tools

You may have been notified about an updated version of KeyLocker tools; however, if you have already downloaded version 1.41.0 of the KeyLocker client tools, there is no need to update your client tools to the latest version as the changes made do not affect KeyLocker users.

November 2, 2023

DigiCert® ONE version: 1.682.0 | DigiCert KeyLocker: 1.682.0

Enhancements

Version number change for KeyLocker client tools

You may have been notified about an updated version of KeyLocker tools. However, if you have already downloaded version 1.41.0 of the KeyLocker client tools, there is no need to update your client tools to the latest version, as the changes made do not affect KeyLocker users.

November 1, 2023

New

Two-factor authentication (2FA) requirement

Starting November 1, 2023, at 18:00 MDT (November 2, 2023, at 00:00 UTC), we will require all DigiCert ONE accounts to use two-factor authentication (2FA).

You will use both your credentials and a one-time password to access your account. When you log in to your DigiCert ONE account on November 1, you will be prompted to set up two-factor authentication. If you have already enabled two-factor authentication in Account Manager before this date, no further action is necessary.

How to enable two-factor authentication in Account Manager.

Note

If you use single sign-on (SSO) to access your DigiCert ONE account, the new two-factor authentication requirement does not affect you. However, the requirement will activate if you modify your SSO settings.

October 25, 2023

DigiCert® ONE version: 1.6201.5 | DigiCert KeyLocker: 1.675.0

Enhancements

Desync all certificates associated with a keypair

The SMCTL desync command previously only desynced the expired and revoked certificates associated with a keypair from the local Windows store. We have improved the functionality of this command to allow you to additionally specify invalid or all as a parameter in the Windows desync command so that all certificates associated with the keypair would be desynced.

Simplified verify command

The SMCTL verify signature command has previously provided a lengthy output that made it difficult to identify if the verification of the signature was a success or failure. We have introduced a new parameter called --quiet that can be added to the verify signature command to limit the output of the command to one sentence confirming if the verification of the signature is a success or failure.

September 27, 2023

DigiCert® ONE version: 1.6074.8 | DigiCert KeyLocker: 1.660.0

Enhancements

KeyLocker client tools now supports newer macOS architecture

DigiCert​​®​​ KeyLocker client tools previously only worked on old versions of MacOS with x86_64 architecture. To support the newer versions of macOS with arm64 architecture we upgraded our macOS client tools to support signing on both macOS x86_64 and arm64 architecture.

August 25, 2023

DigiCert® ONE version: 1.5874.9 | DigiCert KeyLocker

Fixes

Unable to integrate with CertCentral using an API key

New DigiCert​​®​​ KeyLocker accounts were unable to connect to CertCentral using a CertCentral API key. This issue has been fixed and new DigiCert​​®​​ KeyLocker accounts are successfully able to connect to CertCentral using a CertCentral API key.

August 16, 2023

DigiCert® ONE version: 1.5874.6 | DigiCert KeyLocker

Enhancements

Support plans

On August 15, 2023, DigiCert upgraded our support plans to provide a better, more customizable experience. These improved plans are scalable and backed by our technical experts to ensure your success.

New plans:

  • Standard support (free)

  • Business support (mid-level)

  • Premium support (highest-level)

For more details about what these plans include, see the DigiCert Support Plans and DigiCert Support: Enabling Your Success.

How does this affect me?

To show our appreciation, DigiCert has upgraded all existing customers to either Business or Premium support plans for a limited time at no additional charge. See our August 15 change log entry.

How the limited-time upgrade works:

  • Platinum support plans are upgraded to Premium support for the duration of the contract.

  • Gold or Platinum-Lite support plans will be upgraded to Premium support for the duration of your contract.

  • Included (non-paid) DigiCert support will be upgraded to Business support for up to one year.

July 5, 2023

DigiCert® ONE version: 1.5658.0 | DigiCert KeyLocker

New

macOS support

DigiCert​​®​​ KeyLocker now supports signing on macOS. You can continue to sign directly with third-party signing tools or use Signing Manager Controller (SMCTL), a command line interface (CLI) that offers simplified signing integrated with third-party signing tools. Download macOS clients to enable signing. To identify the third-party signing tools required to sign, refer to file types supported for signing.

Fixes

DigiCert Click-to-sign is only compatible with Windows 10

Fixed tool descriptions to specify that DigiCert Click-to-sign is only compatible with Windows 10.

June 28, 2023

DigiCert® ONE version: 1.5428.8 | DigiCert KeyLocker

Enhancements

KeyLocker wizard improvement

When creating an API token or client authentication certificate from the KeyLocker wizard, users had to select a hyperlink. We found that this was not intuitive enough and resulted in users selecting Next without creating an API token or client authentication certificate. Added a Create button to streamline the process.

Consistent certificate and keypair aliases

Signing commands often require the keypair alias and/or the certificate alias. These aliases are case-sensitive. To prevent unnecessary errors during signing, we have ensured that all certificate and keypair aliases are assigned in lowercase and have assigned the keypair and certificate aliases in a predictable format. Example:

CertCentral order number: 12345

Keypair alias: key_12345

Certificate alias: cert_12345

Fixes

Failure to create KeyLocker account

When a user requested a code signing certificate with KeyLocker provisioning in CertCentral, the master administrator for the CertCentral account was used to create the KeyLocker lead. This workflow caused KeyLocker account creation to fail when CertCentral accounts had no master administrator assigned to their account. In future, when a user requests a code signing certificate with KeyLocker provisioning in CertCentral, the user who approves the certificate request will become the KeyLocker lead.

KeyLocker wizard redirect

Fixed an issue that loaded and incorrect page when loading the KeyLocker wizard, then redirected to the correct page. When selecting Get Started in KeyLocker, the wizard now correctly displays without the redirect.

Integrated tools not displaying in KeyLocker wizard

Fixed an issue where a banner message failed to confirm the tools the user could use to sign after running the smctl healthcheck command in step 3 of the KeyLocker wizard. Running the healthcheck command and selecting the Check status button now displays a banner confirming which signing tools the user has integrated with and can use to sign.

June 21, 2023

DigiCert® ONE version: 1.5428.7 | DigiCert KeyLocker

Fixes

Documentation update

Link users to online documentation for KeyLocker workflows from resources section of the UI. Remove documentation links to API for KeyLocker customers in resources section of the UI.

Order processing issue

Resolved a processing bug whereby when a CertCentral order request failed, it caused other orders for the account also to not processed. This issue is resolved with this release.

June 14, 2023

DigiCert® ONE version: 1.5428.5 | DigiCert KeyLocker

Enhancements

User setup wizard

Implemented several content fixes and workflow improvements to the user setup wizard to help improve the overall experience when first using KeyLocker.

Account MFA

Enabled multi-factor authentication for all KeyLocker accounts at time of account setup.

Key alias format

Changed format of key alias from Key(CountOfKeysForAccount) to Key_CC_orderID.

Order processing

KeyLocker now saves CertCentral order details in Keylocker even if the following occur:

  • Keypair generation at HSM fails.

  • CSR update at CertCentral for the order fails.

Instead, you now receive the following error in CertCentral for one of the above failures: "CSR update failed for order ID. The requested action could not be completed at this time due to a resource conflict. Please try again after previous actions have completed."

May 30, 2023

DigiCert® ONE version: 1.5118.10 | DigiCert KeyLocker

New

KeyLocker key storage feature for CertCentral

DigiCert ONE is launching support for KeyLocker. KeyLocker is DigiCert's cloud-based key storage solution, compliant with CA/B Forum requirements for storing private keys for code signing and EV code signing certificates.

In this release, we are enabling service-to-service APIs to support key generation and check for feature flag enablement of DigiCert ONE accounts for the KeyLocker use case.

More features will follow in future releases.