Skip to main content

Enterprise PKI Manager

Enhancements

New SAN Other Name (Custom) field - Support for one or multiple Subject Alternative Name (SAN) custom OIDs to be configured for profiles using the REST API enrollment method and 3rd Party authentication method. Other Name (Custom) values can be set via fixed values within the profile or dynamically populated via an API request - see Swagger API documentation for details, under Resources menu item. This feature is available for all 3 templates: Generic User, Generic Private Server and Generic Device.

DigiCert Desktop Client enhancements

  • Release of DigiCert Desktop Client v3.2.1 to support new enhancements and bug fixes.

  • Support for Microsoft Internet Explorer 11 browser for public-facing web pages used by the DigiCert Desktop Client flows.

  • Translated public-facing pages for DigiCert Desktop Client flows into the supported languages.

  • Hardware tokens: support to configure one or multiple hardware tokens when configuring a User profile with DigiCert Desktop Client as the enrollment method, and enforce keys to be generated on the token and matching certificate provisioned to the token. Qualified tokens are listed below, but other tokens may work:

    • Gemalto eToken family: eToken 5100, eToken 5300

    • Feitian ePass2003 (for Windows)

  • Certificate (hosted on tokens) are renewed following a proof-of-possession of the private key flow, similar to software certificates.

  • New web pages with Overview, Support matrix and How to configure steps when clicking on the title cards for DigiCert Desktop Client (Windows and macOS) within Resources -> Client Tools menu option.

New REST API - Enrollment Code endpoint - new API endpoint (/mpki/api/v1/enrollment/redeem) to allow a profile to be configured with REST API as the enrollment method and Enrollment Code as the authentication method, for customer integrations requiring issuance of certificates via API only after a valid enrollment code is provided. See Swagger API documentation for details, under Resources menu item.

Note that default email notification templates should be customized by customers administrator to remove the default enrollment/renewal links, or disable the notifications for the configured profile, if not required.

Bug Fixes

  • DOEPM-2141: fixed issue with not being able to download certificate for Unmanaged Seat type.

  • DOEPM-2117: fixed issue with not being able to delete Unmanaged Seats, since it was attempting to revoke associated certificate, but couldn't because this seat type assumes the Issuing CA is not available in the account.

  • DOEPM-2164: modified the SCEP GetCACert response format from PKCS7 to X509 and changed the response Content-type from x-x509-ca-ra-cert to x-x509-ca-cert.