Enterprise PKI Manager

New

Dashboard widgets

Two new dashboard widgets are now available for accounts enabled with the certificate lifecycle management feature:

  • Auto-renewals — Displays the number of certificates that have been configured for auto-renewal with the certificate lifecycle management feature over the last 7, 30, 60, and 90 days.

  • Automation alerts — Sends alerts and warnings for automated workflow issues, including:

    • Infrastructure issues (sensor errors, connectivity issues with sensor connections, etc.)

    • TLS product issues (access to the issuing CA, pending approvals, etc.)

    • Runtime issues (application configuration, access restrictions, etc.)

RSASSA-PSS signature algorithms

Support for RSASSA-PSS signature algorithm options (sha256WithRSAPSS, sha384WithRSAPSS, sha512WithRSAPSS) when configuring profiles with an RSA Issuing CA from these templates:

  • External Private CA

  • Generic User Certificate

  • Generic Device Certificate

  • Generic Private Server Certificate

Resend approval email

Account admins with the appropriate permissions can now resend approval emails for approved enrollments. Before you can do this, open your profile on the Manage > Profiles page, and make sure you have approval and rejection emails enabled under the Additional options > Email configuration & notifications section.

When approval and rejection emails are enabled, you can resend emails on the Manage > Enrollments page. Right-click on an enrollment to pull up its action menu, and select Resend approval email.

Revocation reasons

Account admins with the appropriate permissions can now set the certificate revocation reason when:

  • Revoking one or multiple certificates via the Certificates page

  • Deleting a seat on the Seat page

  • Deleting a profile

Allowed revocation reasons for private certificates:

  • unspecified

  • key_compromise

  • affiliation_changed

  • superseded

  • privilege_withdrawn

  • cessation_of_operation (the default value)

Allowed revocation reasons for public certificates:

  • key_compromise

  • affiliation_changed

  • superseded

  • cessation_of_operation (the default value)

When no reason code is set, cessation_of_operation is used as the default reason code.

The Swagger API documentation has been updated to reflect the allowed revocation reasons for both private and public S/MIME certificates.
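
The two allowed lists and the default described above can be checked before a bulk revocation is submitted. The following is an added example, not DigiCert code or part of the product API: the function names, the "private"/"public" type labels, the case normalization, and the sample serials are assumptions made for illustration, and the numeric values are the RFC 5280 CRLReason codes for the listed reasons.

```python
# Added example: pre-flight check for a revocation plan (not DigiCert code).
# RFC 5280 CRLReason codes for the reason names listed above.
RFC5280_CODE = {"unspecified": 0, "key_compromise": 1, "affiliation_changed": 3,
                "superseded": 4, "cessation_of_operation": 5,
                "privilege_withdrawn": 9}
PUBLIC = {"key_compromise", "affiliation_changed", "superseded",
          "cessation_of_operation"}
ALLOWED = {"public": PUBLIC,
           "private": PUBLIC | {"unspecified", "privilege_withdrawn"}}
DEFAULT_REASON = "cessation_of_operation"


def resolve_reason(cert_type, reason=None):
    """Return (reason, crl_code), or raise ValueError if not allowed."""
    if cert_type not in ALLOWED:
        raise ValueError(f"unknown certificate type: {cert_type!r}")
    # A missing or empty reason falls back to the documented default.
    # Normalising case and whitespace is this example's own choice.
    name = (reason or "").strip().lower() or DEFAULT_REASON
    if name not in ALLOWED[cert_type]:
        raise ValueError(f"{name!r} is not allowed for {cert_type} certificates")
    return name, RFC5280_CODE[name]


def check_plan(rows):
    """Split a revocation plan into accepted and rejected entries."""
    accepted, rejected = [], []
    for serial, cert_type, reason in rows:
        try:
            name, code = resolve_reason(cert_type, reason)
            accepted.append((serial, cert_type, name, code))
        except ValueError as err:
            rejected.append((serial, str(err)))
    return accepted, rejected


# Constructed sample plan: (serial, certificate type, requested reason).
SAMPLE_PLAN = [
    ("0A1B", "private", "privilege_withdrawn"),
    ("0A1C", "public", "privilege_withdrawn"),  # not in the public list
    ("0A1D", "public", None),                   # default applies
    ("0A1E", "private", "Key_Compromise"),      # normalised to lower case
    ("0A1F", "public", "unspecified"),          # not in the public list
]

if __name__ == "__main__":
    ok, bad = check_plan(SAMPLE_PLAN)
    for entry in ok:
        print("revoke", *entry)
    for serial, why in bad:
        print("reject", serial, why)
```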

ACME-based certificate lifecycle actions

ACME public flows for certificates from CertCentral now support lifecycle actions, including renew, reissue, and duplicate issuance.

Certificate details section

When you select a certificate on the Certificates page, a new Certificate details section provides information such as the certificate serial number, signature algorithm, key length, lifecycle settings and schedules, organization, owners, and more.

Enhancements

Profile wizard enhancement

  • For profiles configured with the Manual Approval authentication method, the additional authentication fields section now shows additional fields and cards, which you can reorder with the new arrow icons or by dragging and dropping the cards. The order of the additional authentication fields in the profile is preserved and displayed on the public-facing enrollment pages.

Autoenrollment Server

Lifecycle workflow improvements

  • On the Certificates page, you can now use the Unmanaged system view to filter for discovered certificates that were not issued by your DigiCert® Trust Lifecycle Manager account. These can be certificates that are managed manually or via automation.