Release Notes
Keyfactor announces the Keyfactor Cloud Gateway 24.1, which includes updates to NLOG functionality.
Keyfactor Cloud Gateway v24.1 (February 2024)
-
Update: NLOG functionality upgraded to support the ${local-ip} Local-IP-Address-Layout-Renderer.
Keyfactor Cloud Gateway v23.4 (November 2023)
-
Fixed: The gateway service now runs correctly when configured to run as a custom service account rather than Network Service.
Keyfactor Cloud Gateway v23.3 (August 2023)
-
Update: During installation, on the template tab of the gateway configuration wizard, template validation logic checks that the template has CSR enrollment enabled. If CSR enrollment is not enabled, the template will not be valid for mapping and a validation error message will be displayed when adding the template.
-
Update: When a machine or user certificate is issued with a template that has either the User principal name (UPN) or Service principal name (SPN) SAN box checked and the subject's account does not have a value for UserPrincipalName:
-
If the account is a machine, the PrincipalName SAN will be set to samAccountName$@domain.fqdn.
-
If the account is a user, the PrincipalName SAN will be set to samAccountName@domain.fqdn.
-
Fixed: Changes to a certificate template at the CA level were not reflected by the gateway until a restart of the gateway service.
Keyfactor Cloud Gateway v22.2 (February 2022)
-
Update: The gateway now sends the ObjectSID to the managed CA to support the changes made to the Microsoft CA based on KB5014754. For more information, see:
-
Update: Improvements to Active Directory group syncing for nested groups.
-
Update: The installer includes an option to modify an existing installation.
-
Fix: The gateway was using the incorrect DCOM port when the port was configured statically.
-
Fix: When the gateway was installed with the Keyfactor Managed CA Sync service only, account synchronization failed because a certificate to decrypt the synchronization data could not be specified in the configuration (without installing the Keyfactor Managed CA Gateway service).
-
Fix: An obscure error message was generated on attempting to load the configuration wizard if the gateway service was not running. The gateway service now starts automatically when the configuration wizard is run.
Keyfactor Cloud Gateway v21.3 (March 2021)
-
Update: The Keyfactor Managed CA Gateway service and Keyfactor Managed CA Sync service can now be installed separately to allow different servers to handle these roles.
-
Update: The gateway now supports enroll on behalf of functionality. When configured in this way, the Keyfactor Cloud Gateway allows a user with an enrollment agent certificate to enroll for a certificate on behalf of another user—so John requests a certificate for Martha. This type of functionality is often used when provisioning smart cards or similar technology.
-
Update: A sync timeout option has been added to allow you to adjust the timeout when the synchronization service attempts to send data to the cloud-based receiver.
-
Fix: On upgrade from a previous version, the gateway did not correctly preserve the existing configuration settings.
Keyfactor Cloud Gateway v20.9 (November 2020)
-
Fix: Certificate requests submitted through the gateway that were configured to populate from Active Directory on the gateway side and that required manager approval on the CA side did not correctly include the Common Name passed up from the gateway in the Issued Common Name field. This is now included in addition to SAN values passed up from the gateway retrieved from Active Directory in the gateway environment.
-
Fix: On installation in a clustering environment, the Keyfactor Managed CA Sync service was not updated to run as an Active Directory user rather than the default of Network Service when this change was made for the service in the clustering configuration.
Keyfactor Cloud Gateway v20.7 (July 2020)
-
Update: Improvements to Active Directory group syncing to address issues with multi-domain environments, domain local groups, and timeouts with occasional high server load in larger or more complex Active Directory environments.
-
Update: Add support for Windows clustering.