CA Manager

Import External Roots, Intermediate CAs and their keys - CA Manager will now accept import of 3rd-party generated CAs, along with their keys, so that they may be used for issuance on DigiCert ONE, or managed by the lifecycle management tools. CAs must be in PKCS#12 / PFX format for import

Export CA files and keys - When creating a Root or Intermediate CA, there is now the option to allow export of that CAs and key in PKCS#12 / PFX format. To ensure security, the export process follows the Four Eyes principle - only a properly permissioned account-scope administrator may trigger the export, and they must designate another administrator who may complete the export.

Designate HSM partition for key escrow - To facilitate the Export CAs and Keys feature, an HSM partition can be designated to create a master key for key escrow.