Monthly Release 12.5 Notes

October 2024

Tip: Keyfactor recommends that you check the Keyfactor GitHub Site (https://keyfactor.github.io/integrations-catalog/) with each release that you install to check if you will need to download the updated orchestrators to work with that version of Keyfactor Command.

For a complete list of the items included in this release, see Release Note Details v12.5.

Updates and Fixes

Fix: Expiration alert workflows with a Renew Expired Certificates step would fail to renew the certificate with an error beginning: Error on query execution: Cannot insert the value NULL into column ‘RoleName’.
Fix: Keyfactor Command upgrades would sometimes fail in the CSS.CMS.Install.Upgrade.Scripts.Workflows_AddUserRoles.sql module.
Fix: When the Keyfactor SAN The subject alternative name (SAN) is an extension to the X.509 specification that allows you to specify additional values when enrolling for a digital certificate. A variety of SAN formats are supported, with DNS name being the most common. Attribute Policy Handler was configured on the CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. to which an enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). request from Keyfactor Command was directed, the enrollment request did not include a DNS The Domain Name System is a service that translates names into IP addresses. SAN but did contain another type of SAN (e.g. email), and the Enforce RFC 2818 Compliance policy was not enabled either system-wide or at the template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. level, the request would fail with an error indicating that a DNS SAN was required (which is not the case in this scenario).
Fix: Enrollment requests from Keyfactor Command using delegated authentication and requiring approval at the CA level against a Microsoft CA were failing with an error in Keyfactor Command of “EnumViewColumn failed” if the user making the enrollment request had only Request Certificates permission on the CA and not any other permission (not Read permission).
Fix: If a user successfully authenticated to the Keyfactor Command Management Portal but did not have authorization to view the page requested, the user would receive a redirect error rather than the expected access denied message.
Fix: POST /Enrollment/CSR A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA. requests no longer generate a 400 response and Value cannot be null error under some circumstances on enrollment when requests are made by a user authenticated with an OAuth token.
Fix: PUT /Certificates/Metadata Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates. no longer overwrites values in unspecified metadata fields when updating the value in a specified metadata field.

Known Issues

In Application Settings > Enrollment tab > PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers., if you set the File Extension to a value other than PFX, you get an error upon save. This will be fixed in a future release.

Deprecation

See the 12.0 release notes (Deprecation & Removals) regarding deprecation and removal of the following products: Keyfactor Java Agent The Java Agent, one of Keyfactor's suite of orchestrators, is used to perform discovery of Java keystores and PEM certificate stores, to inventory discovered stores, and to push certificates out to stores as needed., Keyfactor Windows Orchestrator Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores., Keyfactor Mac Auto-Enroll Agent, and Classic API An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command..

Notices

See the 12.4 release notes (Notices) regarding Logi License Expiration.

API Endpoint Change Log

Please review the information in the API Change Log for this release carefully if you have implemented any integration using these endpoints: API Change Log v12.5.

Was this page helpful? Provide Feedback

Version v25.1.1

On this page: