CA Manager
New
Long-lived certificates - Private CAs and End-entities may now be issued for dates beyond the issuing CA's expiry, through 12/31/9999 when an issuing CA or Root is set to "Allow unlimited validity for certificates issued by this CA".
Enhancements
Subject DN and SAN functionality improvements
A new Domain Component field is supported in the Subject DN which optionally contains the directory path of a server object
Managers may now set individual Subject DN fields to UTF8 or PrintableString where RFC specifications do not otherwise forbid it. If no setting provided, CA Manager will automatically choose the encoding based on the passed string content.
HardwareModuleName is now supported in the Subject Alternative Name
Algorithm support
DES-EDE3-CBC, AES128-CBC, AES256-CBC are now supported SCEP encryption algorithms. If no assertion is made by a DigiCert ONE manager, AES128-CBC will be used.
Other improvements
Managers may omit the BasicConstraints section from private end-entities.
The keypool list table now displays the quantity of keys remaining in a pool.
The downloadable CSV listing the keys associated to a given batch in a key pool now includes the SKI to ensure identity.
All dropdowns now offer type-ahead assistance.
The size of certificate's serial number now may set between 16 and 20 octets. If no size provided, the default of 16 octets will be used.
Managers may now specify which method, 1 or 2, to calculate a certificate's Subject Key Identifier.
Fixes
A fix was put in place to prevent privilege escalation within the defaults interface.
Logs now sort by newest first as the default
Corrected an issue where the multiple clicks to submit a new CA resulted in multiple versions be created.
Fixed a problem where certificates could not be issued via SCEP when the CA was hosted on a Thales SafeNet Luna 7 HSM.
Corrected an issue with unmanaged key usages.
Improved performance by removing calls to external fonts
Fixed an issue where dropdowns were not being filtered by the selected account in the nav bar.