Enterprise PKI Manager
New
Certificate Profile Enhancements
Updated all certificate templates to support validity periods of up to 10-years, provided it does not supersede the validity period of its Issuing CA.
Support for new
encipherOnly
anddecipherOnly
Key Usages for ECDSA-based profiles, and provided the keyAgreement Key Usage has been previously selected.
Enhancements
EST Renewal - Support for EST renewal request using the
simplereenroll
EST operation. The certificate will be successfully renewed provided the renewal request:Is signed by a private key of an already issued certificate, thus following a proof-of-possession of the private key flow.
Is sent within the renewal window set within the associated certificate profile.
Opmerking
The renewed certificate will inherit the Subject DN values from the previously issued certificate, and any remaining days before its expiry will be added to the newly issued/renewed certificate.
UX Redesign
Redesign of the Seats Details page.
Redesign of the Create Seats and Enrollments pages for all supported seat types.
Fixes
Removed PKCS7 delivery format for profiles configured with either SCEP or EST enrollment methods. The only certificate delivery format now supported is X.509.
For EST-configured profiles:
Fix for issue with SAN fields set in the profile as Optional, but getting errors with EST enrollments stating they are mandatory.
Fix to support wider CSR formats, e.g. when using 'curl' as an http client