DigiCert KeyLocker
2023 releases
November 2, 2023
DigiCert® ONE version: 1.682.0 | DigiCert KeyLocker: 1.682.0
Enhancements
Version number change for KeyLocker client tools
You may have been notified about an updated version of KeyLocker tools. However, if you have already downloaded version 1.41.0
of the KeyLocker client tools, there is no need to update your client tools to the latest version, as the changes made do not affect KeyLocker users.
November 1, 2023
New
Two-factor authentication (2FA) requirement
Starting November 1, 2023, at 18:00 MDT (November 2, 2023, at 00:00 UTC), we will require all DigiCert ONE accounts to use two-factor authentication (2FA).
You will use both your credentials and a one-time password to access your account. When you log in to your DigiCert ONE account on November 1, you will be prompted to set up two-factor authentication. If you have already enabled two-factor authentication in Account Manager before this date, no further action is necessary.
How to enable two-factor authentication in Account Manager.
Note
If you use single sign-on (SSO) to access your DigiCert ONE account, the new two-factor authentication requirement does not affect you. However, the requirement will activate if you modify your SSO settings.
October 25, 2023
DigiCert® ONE version: 1.6201.5 | DigiCert KeyLocker: 1.675.0
Enhancements
Desync all certificates associated with a keypair
The SMCTL desync command previously only desynced the expired
and revoked
certificates associated with a keypair from the local Windows store. We have improved the functionality of this command to allow you to additionally specify invalid
or all
as a parameter in the Windows desync command so that all certificates associated with the keypair would be desynced.
Simplified verify command
The SMCTL verify signature command has previously provided a lengthy output that made it difficult to identify if the verification of the signature was a success or failure. We have introduced a new parameter called --quiet
that can be added to the verify signature command to limit the output of the command to one sentence confirming if the verification of the signature is a success or failure.
September 27, 2023
DigiCert® ONE version: 1.6074.8 | DigiCert KeyLocker: 1.660.0
Enhancements
KeyLocker client tools now supports newer macOS architecture
DigiCert® KeyLocker client tools previously only worked on old versions of MacOS with x86_64 architecture. To support the newer versions of macOS with arm64 architecture we upgraded our macOS client tools to support signing on both macOS x86_64 and arm64 architecture.
August 25, 2023
DigiCert® ONE version: 1.5874.9 | DigiCert KeyLocker
Fixes
Unable to integrate with CertCentral using an API key
New DigiCert® KeyLocker accounts were unable to connect to CertCentral using a CertCentral API key. This issue has been fixed and new DigiCert® KeyLocker accounts are successfully able to connect to CertCentral using a CertCentral API key.
August 16, 2023
DigiCert® ONE version: 1.5874.6 | DigiCert KeyLocker
Enhancements
Support plans
On August 15, 2023, DigiCert upgraded our support plans to provide a better, more customizable experience. These improved plans are scalable and backed by our technical experts to ensure your success.
New plans:
Standard support (free)
Business support (mid-level)
Premium support (highest-level)
For more details about what these plans include, see the DigiCert Support Plans and DigiCert Support: Enabling Your Success.
How does this affect me?
To show our appreciation, DigiCert has upgraded all existing customers to either Business or Premium support plans for a limited time at no additional charge. See our August 15 change log entry.
How the limited-time upgrade works:
Platinum support plans are upgraded to Premium support for the duration of the contract.
Gold or Platinum-Lite support plans will be upgraded to Premium support for the duration of your contract.
Included (non-paid) DigiCert support will be upgraded to Business support for up to one year.
July 5, 2023
DigiCert® ONE version: 1.5658.0 | DigiCert KeyLocker
New
macOS support
DigiCert® KeyLocker now supports signing on macOS. You can continue to sign directly with third-party signing tools or use Signing Manager Controller (SMCTL), a command line interface (CLI) that offers simplified signing integrated with third-party signing tools. Download macOS clients to enable signing. To identify the third-party signing tools required to sign, refer to file types supported for signing.
Fixes
DigiCert Click-to-sign is only compatible with Windows 10
Fixed tool descriptions to specify that DigiCert Click-to-sign is only compatible with Windows 10.
June 28, 2023
DigiCert® ONE version: 1.5428.8 | DigiCert KeyLocker
Enhancements
KeyLocker wizard improvement
When creating an API token or client authentication certificate from the KeyLocker wizard, users had to select a hyperlink. We found that this was not intuitive enough and resulted in users selecting Next without creating an API token or client authentication certificate. Added a Create button to streamline the process.
Consistent certificate and keypair aliases
Signing commands often require the keypair alias and/or the certificate alias. These aliases are case-sensitive. To prevent unnecessary errors during signing, we have ensured that all certificate and keypair aliases are assigned in lowercase and have assigned the keypair and certificate aliases in a predictable format. Example:
CertCentral order number: 12345
Keypair alias: key_12345
Certificate alias: cert_12345
Fixes
Failure to create KeyLocker account
When a user requested a code signing certificate with KeyLocker provisioning in CertCentral, the master administrator for the CertCentral account was used to create the KeyLocker lead. This workflow caused KeyLocker account creation to fail when CertCentral accounts had no master administrator assigned to their account. In future, when a user requests a code signing certificate with KeyLocker provisioning in CertCentral, the user who approves the certificate request will become the KeyLocker lead.
KeyLocker wizard redirect
Fixed an issue that loaded and incorrect page when loading the KeyLocker wizard, then redirected to the correct page. When selecting Get Started in KeyLocker, the wizard now correctly displays without the redirect.
Integrated tools not displaying in KeyLocker wizard
Fixed an issue where a banner message failed to confirm the tools the user could use to sign after running the smctl healthcheck
command in step 3 of the KeyLocker wizard. Running the healthcheck command and selecting the Check status button now displays a banner confirming which signing tools the user has integrated with and can use to sign.
June 21, 2023
DigiCert® ONE version: 1.5428.7 | DigiCert KeyLocker
Fixes
Documentation update
Link users to online documentation for KeyLocker workflows from resources section of the UI. Remove documentation links to API for KeyLocker customers in resources section of the UI.
Order processing issue
Resolved a processing bug whereby when a CertCentral order request failed, it caused other orders for the account also to not processed. This issue is resolved with this release.
June 14, 2023
DigiCert® ONE version: 1.5428.5 | DigiCert KeyLocker
Enhancements
User setup wizard
Implemented several content fixes and workflow improvements to the user setup wizard to help improve the overall experience when first using KeyLocker.
Account MFA
Enabled multi-factor authentication for all KeyLocker accounts at time of account setup.
Key alias format
Changed format of key alias from Key(CountOfKeysForAccount)
to Key_CC_orderID
.
Order processing
KeyLocker now saves CertCentral order details in Keylocker even if the following occur:
Keypair generation at HSM fails.
CSR update at CertCentral for the order fails.
Instead, you now receive the following error in CertCentral for one of the above failures: "CSR update failed for order ID. The requested action could not be completed at this time due to a resource conflict. Please try again after previous actions have completed."
May 30, 2023
DigiCert® ONE version: 1.5118.10 | DigiCert KeyLocker
New
KeyLocker key storage feature for CertCentral
DigiCert ONE is launching support for KeyLocker. KeyLocker is DigiCert's cloud-based key storage solution, compliant with CA/B Forum requirements for storing private keys for code signing and EV code signing certificates.
In this release, we are enabling service-to-service APIs to support key generation and check for feature flag enablement of DigiCert ONE accounts for the KeyLocker use case.
More features will follow in future releases.