Enterprise PKI Manager
New
DigiCert Desktop Client - support for a new client that allows the creation of keys on native browser keystores and provisioning of User certificates using the configured authentication method within a profile, for both Windows and macOS platforms. You simply need to configure a new User certificate profile and choose "DigiCert Desktop Client" as the enrollment method. Supported features:
Private key exportability
Policy feature for browsers using the Windows certificate store - Firefox or any browser on macOS machines do not support this policy feature.
Certificate renewal
The renewal of software certificates is based on a proof-of-possession of the private key flow, allowing to strongly authenticate the renewal request by using the DigiCert Desktop Client to locate the matching private key for the certificate being renewed, and signing a transaction using such private key.
Client Tools page
New web page within Enterprise PKI Manager (under "Resources" menu option) from where administrators can download the DigiCert Desktop Client.
Note
Support for hardware tokens will be delivered as part of the next release
Updates
"From CSR" source - Support for a new certificate field source called "From CSR" that can be used when configuring profiles with the "CSR" enrollment method, allowing certificate request values to be read from within the CSR.
Created date for Enrollments page - The Enrollments page now has an additional column called "Created date" and sort by most recent enrollments at the top of the page. Also added a "Profile" column to the Enrollments page to display the profile name associated to every enrollment.
Profile enhancements
Administrators can now filter saved profiles based on the "Seat pool".
Added a Description to each template.
All supported Key Usages for all Generic templates are now configured as optional, with the exception of the "Digital signature" key usage, since at least one value must be set.