Skip to main content

Enterprise PKI Manager

New

Certificate Profile Enhancements

  • Updated all certificate templates to support validity periods of up to 10-years, provided it does not supersede the validity period of its Issuing CA.

  • Support for new encipherOnly and decipherOnly Key Usages for ECDSA-based profiles, and provided the keyAgreement Key Usage has been previously selected.

Enhancements

  • EST Renewal - Support for EST renewal request using the simplereenroll EST operation. The certificate will be successfully renewed provided the renewal request:

    • Is signed by a private key of an already issued certificate, thus following a proof-of-possession of the private key flow.

    • Is sent within the renewal window set within the associated certificate profile.

      Nota

      The renewed certificate will inherit the Subject DN values from the previously issued certificate, and any remaining days before its expiry will be added to the newly issued/renewed certificate.

  • UX Redesign

    • Redesign of the Seats Details page.

    • Redesign of the Create Seats and Enrollments pages for all supported seat types.

Fixes

  • Removed PKCS7 delivery format for profiles configured with either SCEP or EST enrollment methods. The only certificate delivery format now supported is X.509.

  • For EST-configured profiles:

    • Fix for issue with SAN fields set in the profile as Optional, but getting errors with EST enrollments stating they are mandatory.

    • Fix to support wider CSR formats, e.g. when using 'curl' as an http client