Skip to main content

Enterprise PKI Manager

New

DigiCert Desktop Client - support for a new client that allows the creation of keys on native browser keystores and provisioning of User certificates using the configured authentication method within a profile, for both Windows and macOS platforms. You simply need to configure a new User certificate profile and choose "DigiCert Desktop Client" as the enrollment method. Supported features:

  • Private key exportability

    Policy feature for browsers using the Windows certificate store - Firefox or any browser on macOS machines do not support this policy feature.

  • Certificate renewal

    The renewal of software certificates is based on a proof-of-possession of the private key flow, allowing to strongly authenticate the renewal request by using the DigiCert Desktop Client to locate the matching private key for the certificate being renewed, and signing a transaction using such private key.

  • Client Tools page

    New web page within Enterprise PKI Manager (under "Resources" menu option) from where administrators can download the DigiCert Desktop Client.

Note

Support for hardware tokens will be delivered as part of the next release

Updates

  • "From CSR" source - Support for a new certificate field source called "From CSR" that can be used when configuring profiles with the "CSR" enrollment method, allowing certificate request values to be read from within the CSR.

  • Created date for Enrollments page - The Enrollments page now has an additional column called "Created date" and sort by most recent enrollments at the top of the page. Also added a "Profile" column to the Enrollments page to display the profile name associated to every enrollment.

  • Profile enhancements

    • Administrators can now filter saved profiles based on the "Seat pool".

    • Added a Description to each template.

    • All supported Key Usages for all Generic templates are now configured as optional, with the exception of the "Digital signature" key usage, since at least one value must be set.