Enterprise PKI Manager
New
Enrollment over Secure Transport (EST) - Enrollment over Secure Transport (EST) - Support for a new protocol to issue certificates via EST (as per RFC-7030), authenticated via an Enrollment Code that is submitted as a Base-64 encoded value inside an Authorization HTTP header. Enrollment Codes can be generated by DigiCert, or set by Customers (manually or in bulk) via the Manage Seats UI or via REST API. The EST operations supported by this release are:
cacerts
simpleenroll
Note
EST certificate renewal operation (simplereenroll) will be supported on a subsequent release
API enhancements
New API endpoint (/mpki/api/v1/certificate-search
) to allow searching of end-entity certificates using various filters within HTTP query parameters:
limit
→ the number of certificate search results to be returned (default of 20 responses, if no limit is specified, maximum of 99999999)offset
→ used to paginate through response 'pages', once the 'limit' number of certificate responses has been reached within a pageaccount_id
→ search by Account ID (you can get your Account ID from the "Account Manager" application)aki
→ search by a specific Authority Key Identifier (AKI) value of an end-entity certificate. This value matches the “Subject Key Identifier (SKI)” value of the Issuing CA. It helps when searching for certificates issued by a given Issuing CA without ambiguitybusiness_unit_id
→ search by Business Unit ID (you can get your Business Unit ID, or GUID, from the Business Unit Details page)business_unit_name
→ search by a given Business Unit Namecommon_name
→ search by Common Nameissuing_ca_id
→ search by the Issuing CA ID (you can get your CA ID from the "CA Manager" application)issuing_ca_name
→ search by the Common Name of the Issuing CAissuing_ca_serial_number
→ search by a given Issuing CA Serial Numberprofile_id
→ search by Profile ID (you can get your Profile ID, or GUID, from the Profile Details page)seat_id
→ search for 'internal' Seat ID (will allow for standard Seat IDs in a future release - currently using an internal ID)seat_id_type
→ search by Seat Type (USER_SEAT, DEVICE_SEAT, SERVER_SEAT, IMPORTED_SEAT, UNMANAGED_SEAT)serial_number
→ search by Serial Numberstatus
→ search by certificate status (valid, revoked, expired, suspended)valid_from
→ search by certificate Valid-From date and exclude certificates issued before such date (date format: yyyy-mm-dd)valid_to
→ search by certificate Valid-To date and exclude certificates issued after such date (date format: yyyy-mm-dd) See Swagger API documentation for details, under Resources menu item, e.g. https://one.digicert.com/mpki/docs/swagger-ui/index.html#/Certificates/get_mpki_api_v1_certificate_search
Other enhancements
Audit Log
Ability to search for audit log events by using a Seat ID
Added audit log entries for revocation events
Redesigned Tables
Redesigned tables used for listing and filtering data for the below pages:
Enrollments List page
Business Units List page
Certificates List page
Templates List page
Seats List page
Known issues
Due to known bug, Unmanaged Seats can not be deleted and Unmanaged certificates can not be downloaded from the Certificates page.
The Dashboard chart does not currently show Unmanaged/Imported certificate data.