Enterprise PKI Manager

New and enhancements

Enrollment Code authentication flow enhancements

  • A profile can now optionally be configured to use a static (fixed) Enrollment URL, instead of the current dynamically generated Enrollment URL, for end users to initiate their certificate enrollment process and authenticate via an Enrollment Code.

  • This feature is enabled by configuring a profile with the Enrollment Code authentication method and selecting the new checkbox labeled “Use fixed Enrollment URL”.

  • The fixed URL will be included within the emails sent to end users, and displayed within the saved profile under the profile details page.

  • This new option is mutually exclusive with the other Enrollment Code option already available within the profile: “Embed code in enrollment URL”.

DigiCert Autoenrollment Server enhancements

  • Support for Gemalto Network HSM through the Gemalto Universal Client v10.2, with the same v2.22.2.0 Autoenrollment Server binary that is available for download from the Resources > Client tools page.

  • A client authentication certificate must be issued from a Private CA available within your account.

Note

Refer to this Knowledge Base article to access the HSM installation and configuration guide.

Support for new Subject DN fields

New Subject DN fields can be included within a certificate profile for a specific set of templates:

  • For the Generic User Certificate / Generic Device Certificate / Generic Server Certificate / Private S/MIME Secure Email / Private Code Signing templates:

    Given name, Surname, Job title, DN qualifier

  • For the Domain Controller / User Client Authentication for Microsoft Intune (SCEP) / Device Authentication for Microsoft Intune (SCEP) templates:

    Given name, Surname, Job title

Note

For profiles created with the "Microsoft Autoenrollment" enrollment method, the new Subject DN fields are not supported.

CSV generation enhancements

The CSV report generation process for the Certificates and Seats pages now dynamically adds to the CSV file the fields displayed within the table on the web page, instead of showing a fixed set of fields.

Warning

The CSV file can contain a maximum of 5000 records.

Fixes

  • [DOEPM-3303] Block issuance of multiple unique certificates (with unique Subject DN values) against the same Device or Server Seat ID.

  • [DOEPM-3413] Missing ‘revocationReason’ and ‘revocationDate’ values from the audit-log API response.

  • [DOEPM-3255] Issue with SAML enrollment flows requesting an unnecessary “Requestor Email” field within the enrollment page, when an email-like certificate field (e.g. SubjectDN:Email, SAN:rfc822Name) is already included in the SAML Assertion and mapped to a certificate profile as a mandatory field. The field will be displayed if set within the Seat ID mapping profile page, for profiles configured with SAML + manual approval flow.