Enterprise PKI Manager

This release focused on delivering a new Enrollment flow that allows administrators of an account to upload CSV files to create Seats and Enrollments in bulk.

Enhancements

CSV Bulk Upload - Support for uploading CSV files to create and update Seats and Enrollments in bulk via a 1-step synchronous process. The latter is based on the definition of a certificate profile and dynamically shows the fields you need to include in the CSV file. Support for deleting Seats in bulk via the same CSV upload process is planned.

Browser PKCS12 enrollment method with Enrollment Code auth flow - Support issuance of certificates via the "Browser PKCS12" enrollment flow, making use of Enrollment Codes to authenticate the request, which allows a user to download a certificate in PKCS12 format and manually install it on the target device.

Note: keys and CSRs are generated within the browser’s memory and discarded once the certificate is downloaded.

Manual Approval flow enhancements

  • Support for including comments to end-users within the approval/rejection emails.

  • Automatically send emails to all Administrators for an account once a user enrolls for a certificate. The link within the email will take the Administrators to a landing page showing all user data, including additional authentication fields.

Seat ID Mapping for Manual Approval flow - Administrators can choose what 'unique' certificate field (for profiles configured with Manual Approval authentication method) is to be mapped to a Seat ID, which is then used for licensing purposes.

Note: we will extend this functionality to other authentication methods over the next releases.

Enhanced profile view and filtering - The View Profiles page now shows which CAs are associated with each profile, and new Filters allow searching profiles by their Enrollment/Authentication methods.

REST API Documentation - Online REST API documentation is now available for the Enterprise PKI Manager app at the following URLs:

  • For Demo platform: https://demo.one.digicert.com/mpki/docs/restapi.html

  • For Stage platform: https://stage.one.digicert.com/mpki/docs/restapi.html

  • For Production platform: https://one.digicert.com/mpki/docs/restapi.html

Known issues

  • ECDSA keys are not supported by the "Browser PKCS12" enrollment method, although a profile can be configured to use such keys. Research is ongoing to support this feature.

  • Dynamically created CSV examples are not always correct, e.g. missing "business_unit_id" field when creating enrollments against a profile, and unnecessary "csr" field displayed for some profile configurations.

Fixes

  • When rejecting an Enrollment in Created status, Users now receive an email confirmation of the enrollment being rejected.

  • Account admins could assign themselves to a Business Unit (BU), which prevented them from being able to manage other Business Units within the account. Account admins cannot assign themselves to a BU; only other admins or a System admin can.

  • Updated the Generic User Certificate Template to support the Smart Card Logon Extended Key Usage (EKU) extension.