Skip to main content

DigiCert KeyLocker

2023 releases

November 2, 2023

DigiCert® ONE version: 1.682.0 | DigiCert KeyLocker: 1.682.0

Enhancements

Version number change for KeyLocker client tools

You may have been notified about an updated version of KeyLocker tools. However, if you have already downloaded version 1.41.0 of the KeyLocker client tools, there is no need to update your client tools to the latest version, as the changes made do not affect KeyLocker users.

November 1, 2023

New

Two-factor authentication (2FA) requirement

Starting November 1, 2023, at 18:00 MDT (November 2, 2023, at 00:00 UTC), we will require all DigiCert ONE accounts to use two-factor authentication (2FA).

You will use both your credentials and a one-time password to access your account. When you log in to your DigiCert ONE account on November 1, you will be prompted to set up two-factor authentication. If you have already enabled two-factor authentication in Account Manager before this date, no further action is necessary.

How to enable two-factor authentication in Account Manager.

注記

If you use single sign-on (SSO) to access your DigiCert ONE account, the new two-factor authentication requirement does not affect you. However, the requirement will activate if you modify your SSO settings.

October 25, 2023

DigiCert® ONE version: 1.6201.5 | DigiCert KeyLocker: 1.675.0

Enhancements

Desync all certificates associated with a keypair

The SMCTL desync command previously only desynced the expired and revoked certificates associated with a keypair from the local Windows store. We have improved the functionality of this command to allow you to additionally specify invalid or all as a parameter in the Windows desync command so that all certificates associated with the keypair would be desynced.

Simplified verify command

The SMCTL verify signature command has previously provided a lengthy output that made it difficult to identify if the verification of the signature was a success or failure. We have introduced a new parameter called --quiet that can be added to the verify signature command to limit the output of the command to one sentence confirming if the verification of the signature is a success or failure.

September 27, 2023

DigiCert® ONE version: 1.6074.8 | DigiCert KeyLocker: 1.660.0

Enhancements

KeyLocker client tools now supports newer macOS architecture

DigiCert​​®​​ KeyLocker client tools previously only worked on old versions of MacOS with x86_64 architecture. To support the newer versions of macOS with arm64 architecture we upgraded our macOS client tools to support signing on both macOS x86_64 and arm64 architecture.

August 25, 2023

DigiCert® ONE version: 1.5874.9 | DigiCert KeyLocker

Fixes

Unable to integrate with CertCentral using an API key

New DigiCert​​®​​ KeyLocker accounts were unable to connect to CertCentral using a CertCentral API key. This issue has been fixed and new DigiCert​​®​​ KeyLocker accounts are successfully able to connect to CertCentral using a CertCentral API key.

August 16, 2023

DigiCert® ONE version: 1.5874.6 | DigiCert KeyLocker

Enhancements

Support plans

On August 15, 2023, DigiCert upgraded our support plans to provide a better, more customizable experience. These improved plans are scalable and backed by our technical experts to ensure your success.

New plans:

  • Standard support (free)

  • Business support (mid-level)

  • Premium support (highest-level)

For more details about what these plans include, see the DigiCert Support Plans and DigiCert Support: Enabling Your Success.

How does this affect me?

To show our appreciation, DigiCert has upgraded all existing customers to either Business or Premium support plans for a limited time at no additional charge. See our August 15 change log entry.

How the limited-time upgrade works:

  • Platinum support plans are upgraded to Premium support for the duration of the contract.

  • Gold or Platinum-Lite support plans will be upgraded to Premium support for the duration of your contract.

  • Included (non-paid) DigiCert support will be upgraded to Business support for up to one year.

July 5, 2023

DigiCert® ONE version: 1.5658.0 | DigiCert KeyLocker

New

macOS support

DigiCert​​®​​ KeyLocker now supports signing on macOS. You can continue to sign directly with third-party signing tools or use Signing Manager Controller (SMCTL), a command line interface (CLI) that offers simplified signing integrated with third-party signing tools. Download macOS clients to enable signing. To identify the third-party signing tools required to sign, refer to file types supported for signing.

Fixes

DigiCert Click-to-sign is only compatible with Windows 10

Fixed tool descriptions to specify that DigiCert Click-to-sign is only compatible with Windows 10.

June 28, 2023

DigiCert® ONE version: 1.5428.8 | DigiCert KeyLocker

Enhancements

KeyLocker wizard improvement

When creating an API token or client authentication certificate from the KeyLocker wizard, users had to select a hyperlink. We found that this was not intuitive enough and resulted in users selecting Next without creating an API token or client authentication certificate. Added a Create button to streamline the process.

Consistent certificate and keypair aliases

Signing commands often require the keypair alias and/or the certificate alias. These aliases are case-sensitive. To prevent unnecessary errors during signing, we have ensured that all certificate and keypair aliases are assigned in lowercase and have assigned the keypair and certificate aliases in a predictable format. Example:

CertCentral order number: 12345

Keypair alias: key_12345

Certificate alias: cert_12345

Fixes

Failure to create KeyLocker account

When a user requested a code signing certificate with KeyLocker provisioning in CertCentral, the master administrator for the CertCentral account was used to create the KeyLocker lead. This workflow caused KeyLocker account creation to fail when CertCentral accounts had no master administrator assigned to their account. In future, when a user requests a code signing certificate with KeyLocker provisioning in CertCentral, the user who approves the certificate request will become the KeyLocker lead.

KeyLocker wizard redirect

Fixed an issue that loaded and incorrect page when loading the KeyLocker wizard, then redirected to the correct page. When selecting Get Started in KeyLocker, the wizard now correctly displays without the redirect.

Integrated tools not displaying in KeyLocker wizard

Fixed an issue where a banner message failed to confirm the tools the user could use to sign after running the smctl healthcheck command in step 3 of the KeyLocker wizard. Running the healthcheck command and selecting the Check status button now displays a banner confirming which signing tools the user has integrated with and can use to sign.

June 21, 2023

DigiCert® ONE version: 1.5428.7 | DigiCert KeyLocker

Fixes

Documentation update

Link users to online documentation for KeyLocker workflows from resources section of the UI. Remove documentation links to API for KeyLocker customers in resources section of the UI.

Order processing issue

Resolved a processing bug whereby when a CertCentral order request failed, it caused other orders for the account also to not processed. This issue is resolved with this release.

June 14, 2023

DigiCert® ONE version: 1.5428.5 | DigiCert KeyLocker

Enhancements

User setup wizard

Implemented several content fixes and workflow improvements to the user setup wizard to help improve the overall experience when first using KeyLocker.

Account MFA

Enabled multi-factor authentication for all KeyLocker accounts at time of account setup.

Key alias format

Changed format of key alias from Key(CountOfKeysForAccount) to Key_CC_orderID.

Order processing

KeyLocker now saves CertCentral order details in Keylocker even if the following occur:

  • Keypair generation at HSM fails.

  • CSR update at CertCentral for the order fails.

Instead, you now receive the following error in CertCentral for one of the above failures: "CSR update failed for order ID. The requested action could not be completed at this time due to a resource conflict. Please try again after previous actions have completed."

May 30, 2023

DigiCert® ONE version: 1.5118.10 | DigiCert KeyLocker

New

KeyLocker key storage feature for CertCentral

DigiCert ONE is launching support for KeyLocker. KeyLocker is DigiCert's cloud-based key storage solution, compliant with CA/B Forum requirements for storing private keys for code signing and EV code signing certificates.

In this release, we are enabling service-to-service APIs to support key generation and check for feature flag enablement of DigiCert ONE accounts for the KeyLocker use case.

More features will follow in future releases.