Skip to main content

Enterprise PKI Manager

New

Enrollment over Secure Transport (EST) - Enrollment over Secure Transport (EST) - Support for a new protocol to issue certificates via EST (as per RFC-7030), authenticated via an Enrollment Code that is submitted as a Base-64 encoded value inside an Authorization HTTP header. Enrollment Codes can be generated by DigiCert, or set by Customers (manually or in bulk) via the Manage Seats UI or via REST API. The EST operations supported by this release are:

  • cacerts

  • simpleenroll

Note

EST certificate renewal operation (simplereenroll) will be supported on a subsequent release

API enhancements

New API endpoint (/mpki/api/v1/certificate-search) to allow searching of end-entity certificates using various filters within HTTP query parameters:

  • limit → the number of certificate search results to be returned (default of 20 responses, if no limit is specified, maximum of 99999999)

  • offset → used to paginate through response 'pages', once the 'limit' number of certificate responses has been reached within a page

  • account_id → search by Account ID (you can get your Account ID from the "Account Manager" application)

  • aki → search by a specific Authority Key Identifier (AKI) value of an end-entity certificate. This value matches the “Subject Key Identifier (SKI)” value of the Issuing CA. It helps when searching for certificates issued by a given Issuing CA without ambiguity

  • business_unit_id → search by Business Unit ID (you can get your Business Unit ID, or GUID, from the Business Unit Details page)

  • business_unit_name → search by a given Business Unit Name

  • common_name → search by Common Name

  • issuing_ca_id → search by the Issuing CA ID (you can get your CA ID from the "CA Manager" application)

  • issuing_ca_name → search by the Common Name of the Issuing CA

  • issuing_ca_serial_number → search by a given Issuing CA Serial Number

  • profile_id → search by Profile ID (you can get your Profile ID, or GUID, from the Profile Details page)

  • seat_id → search for 'internal' Seat ID (will allow for standard Seat IDs in a future release - currently using an internal ID)

  • seat_id_type → search by Seat Type (USER_SEAT, DEVICE_SEAT, SERVER_SEAT, IMPORTED_SEAT, UNMANAGED_SEAT)

  • serial_number → search by Serial Number

  • status → search by certificate status (valid, revoked, expired, suspended)

  • valid_from → search by certificate Valid-From date and exclude certificates issued before such date (date format: yyyy-mm-dd)

  • valid_to → search by certificate Valid-To date and exclude certificates issued after such date (date format: yyyy-mm-dd) See Swagger API documentation for details, under Resources menu item, e.g. https://one.digicert.com/mpki/docs/swagger-ui/index.html#/Certificates/get_mpki_api_v1_certificate_search

Other enhancements

Audit Log

  • Ability to search for audit log events by using a Seat ID

  • Added audit log entries for revocation events

Redesigned Tables 

Redesigned tables used for listing and filtering data for the below pages:

  • Enrollments List page

  • Business Units List page

  • Certificates List page

  • Templates List page

  • Seats List page

Known issues

  • Due to known bug, Unmanaged Seats can not be deleted and Unmanaged certificates can not be downloaded from the Certificates page.

  • The Dashboard chart does not currently show Unmanaged/Imported certificate data.