Enterprise PKI Manager
New
External Private CA - TLS Inspection - Support for TLS inspection use cases, where a Private CA certificate can be issued via a web-based CSR flow or via REST API, and installed on a TLS inspection appliance to decrypt (and re-encrypt) end-user web traffic before it leaves the enterprise network. This new use case is delivered using:
A new Seat type named Organization, for which you will need to purchase the appropriate license.
A new certificate template named External Private CA, from which you can configure your TLS Inspection CA certificate requirements as part of the profile wizard.
A Private Issuing CA certificate that has been configured with the Issue unmanaged CA option, which can be enabled within the CA Manager application by an administrator with appropriate permissions: under Manage CAs, click on ICAs → your ICA name → Issuance settings → and check the Issue unmanaged CA checkbox.
New Certificate Template - DCC Organization Certificate - New template to support the specific requirements for issuing Organization ECDSA certificates to utility operators accessing the UK's smart meter solution, using a very specific certificate profile.
Enhancements
Certificate Profile
All certificate fields within the Subject DN section currently signed using a PrintableString data type (with the exception of the "Country" field) will now be signed by the CA using UTF8String as the default encoding type.
Added Data encipherment Key Usage to both the Generic User and Device Certificate templates, which can be optionally selected when creating a certificate profile.
SCEP - Profiles configured with the SCEP enrollment method will now show an additional option that allows an Administrator to configure the required SCEP encryption algorithm, choosing one of the following three algorithms:
DES-EDE3-CBC (3DES)
AES128-CBC (the default, preselected algorithm)
AES256-CBC
The GetCACaps SCEP operation has been updated to show support for DES3 and SCEPStandard. You can view the SCEP capabilities response here.
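The following is an added example, not code from the product or its documentation: a client-side check that parses a GetCACaps response body and reports which content-encryption and digest capabilities it can rely on. It assumes the keyword semantics of RFC 8894 (including that SCEPStandard implies AES, POSTPKIOperation and SHA-256); the function names are hypothetical and the sample response is constructed.

```python
# Added example: interpreting a SCEP GetCACaps response on the client side.
# Keyword semantics are assumed from RFC 8894; sample bodies are constructed.

# "SCEPStandard" implies these keywords (RFC 8894, section 3.5.2).
IMPLIED = {"SCEPStandard": {"AES", "POSTPKIOperation", "SHA-256"}}

# Client preference, strongest first.
CIPHER_PREFERENCE = ("AES", "DES3")
DIGEST_PREFERENCE = ("SHA-512", "SHA-256", "SHA-1")


def parse_cacaps(body):
    """Return the set of advertised keywords, with implied ones expanded."""
    text = body.decode("ascii", errors="replace")
    # One keyword per line; CRLF and LF line endings are both accepted.
    caps = {line.strip() for line in text.splitlines() if line.strip()}
    for keyword in list(caps):
        caps |= IMPLIED.get(keyword, set())
    return caps


def negotiate(body):
    """Pick the preferred cipher and digest, and list anything worth review."""
    caps = parse_cacaps(body)
    cipher = next((c for c in CIPHER_PREFERENCE if c in caps), None)
    digest = next((d for d in DIGEST_PREFERENCE if d in caps), None)
    findings = []
    if cipher is None:
        findings.append("no AES or DES3 capability advertised")
    elif cipher == "DES3":
        findings.append("only DES3 advertised; AES is not available")
    if digest is None:
        findings.append("no SHA-family digest advertised")
    elif digest == "SHA-1":
        findings.append("only SHA-1 advertised")
    if "POSTPKIOperation" not in caps:
        findings.append("HTTP POST not advertised")
    return {"cipher": cipher, "digest": digest, "findings": findings}


if __name__ == "__main__":
    sample = b"DES3\r\nSCEPStandard\r\n"  # constructed response body
    print(negotiate(sample))
```

A response that lists DES3 alongside SCEPStandard still lets the client select AES, because the implied keywords are expanded before the preference order is applied.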
Fixes
Fixed a UI bug related to the maximum validity period allowed for a private certificate (10 years) to account for leap years.
Removed the asterisk from the Comments text area on public-facing enrollment pages, which implied that this field is mandatory when it is not.
Fixed non-rendered ${stat} variable, visible on public-facing enrollment pages.