June 2024
Updates and Fixes
-
Fix: Seeded enrollments now populate the PFX Enrollment page regardless of which type of metadata
Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates. is populated on the certificate. -
Fix: When using the Configure option to renew a certificate, the pre-existing metadata will now appear as the previous value, not as object object.
- Fix: When regex validation is configured for a SAN The subject alternative name (SAN) is an extension to the X.509 specification that allows you to specify additional values when enrolling for a digital certificate. A variety of SAN formats are supported, with DNS name being the most common. that allows an empty value, enrollment now succeeds if no SAN value is entered during enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA)..
-
Fix: PFX and CSR enrollments containing IP, Email, or DNS
The Domain Name System is a service that translates names into IP addresses. SANs no longer cause excess warnings in CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. syncs logs (such as [Warn] - Ignoring unknown extension based SAN with value '127.0.0.1'). Also PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. and CSR A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA. enrollment details IP, Email, DNS SANs now show up in the Pending Request details. -
Fix: A certificate template
A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. with a minimum key size The key size or key length is the number of bits in a key used by a cryptographic algorithm. of RSA 2048 can now use RSA 3072. -
Fix: During PFX Renewal using the Configure option, the page now populates with the same Key Algorithm and Key Size from the original certificate.
Deprecation
-
The Keyfactor Java Agent
The Java Agent, one of Keyfactor's suite of orchestrators, is used to perform discovery of Java keystores and PEM certificate stores, to inventory discovered stores, and to push certificates out to stores as needed. will be deprecated in a future version of Keyfactor Command. Customers are encouraged to begin planning a migration to the Keyfactor Universal Orchestrator The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with servers and devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can provide certificate management capabilities on a variety of platforms and devices (e.g. Amazon Web Services (AWS) resources, Citrix\NetScaler devices, F5 devices, IIS stores, JKS keystores, PEM stores, and PKCS#12 stores) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux servers or Linux containers. with the Remote File custom extension publicly available at:
API Endpoint Change Log
No API An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. changes for this release of Keyfactor Command.
Was this page helpful? Provide Feedback