Incremental Release 8.1 Notes

November 2020

New Features

• Scriptable Windows Orchestrator Installation

  The Windows Orchestrator The Windows Orchestrator, one of Keyfactor's suite of orchestrators, is used to manage synchronization of certificate authorities in remote forests, run SSL discovery and management tasks, and interact with Windows servers as well as F5 devices, NetScaler devices, Amazon Web Services (AWS) resources, and FTP capable devices, for certificate management. In addition, the AnyAgent capability of the Windows Orchestrator allows it to be extended to create custom certificate store types and management capabilities regardless of source platform or location. now supports a fully scriptable installation.

• Pending Requests Show AD Information

  Pending requests now show the information that would be populated from AD such as Distinguished Name, Common Name A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com)., and Subject Alternative Names.

• AnyAgent Management Job can Trigger an Inventory Job

  If an inventory job id is returned to an AnyAgent The AnyAgent, one of Keyfactor's suite of orchestrators, is used to allow management of certificates regardless of source or location by allowing customers to implement custom agent functionality via an API. in the completion call of a management job, the inventory job will be initiated after the management job completes.

• UPN as SAN

  Added support for UPN as a SAN The subject alternative name (SAN) is an extension to the X.509 specification that allows you to specify additional values when enrolling for a digital certificate. A variety of SAN formats are supported, with DNS name being the most common. type when enrolling through Keyfactor Command.

• P7B Import

  A P7B A PKCS #7 format certificate file is a base64-encoded certificate. Since it's presented in ASCII, you can open it in any text editor. PKCS #7 certificates always begin and end with entries that look something like ---- BEGIN CERTIFICATE---- and ----END CERTIFICATE----. Unlike PEM files, PKCS #7 files can contain only a certificate and its certifiate chain but NOT its private key. Extensions of .p7b or .p7c are usually seen on certificate files of this format. file can be imported into Keyfactor Command via the Certificate Import UI and API A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. without having to be converted to another file format.

Updates and Improvements

• Infrastructure

  Fixed an issue in the configuration wizard with SQL authentication and with enabling the CMSAPI when using a saved configuration file.

• SSL Discovery & Monitoring

  Fixed an issue with network ranges disappearing in the UI on edit.

• Expiration Alerts

  Expiration renewal emails now contain the success or failure of the renewal job.

• Certificate Templates

  Fixed an issue that was preventing newly created certificate templates from being imported.

• Reporting

  Fixed an issue where the report manager incorrectly reported unsaved changes.

• Certificate Stores

  Fixed an issue to allow NetScaler certificates to be renewed even if the original certificate at the endpoint An endpoint is a URL that enables the API to gain access to resources on a server. did not have the private key Private keys are used in cryptography (symmetric and asymmetric) to encrypt or sign content. In asymmetric cryptography, they are used together in a key pair with a public key. The private or secret key is retained by the key's creator, making it highly secure..

• Certificate Metadata

  Fixed an issue where big text metadata Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In the context of Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates. fields that contained XML or line breaks were causing an audit signing mismatch.

• Management Portal

  Updated the error message displayed when using IE to be more descriptive that IE is no longer supported.

• Certificate Metadata

  Added non-US date formats to the metadata date field validation.

• Certificate Revocation

  Fixed an issue with revocation and non-US date time formats.

• Management Portal

  Adjustments to font color in some areas of the portal and reports for better visibility.

• Management Portal

  Minor UI fixes and updates.

• SSL Discovery & Monitoring

  Fixed an issue with SSL TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. endpoints being marked as reviewed or monitored in bulk.

• API

  Fixed a problem where the GET SSL/Networks API endpoint was ignoring the querystring value passed to it.

• API

  Updates to Swagger API documentation continue.

• Certificate Stores

  Certificate store management job custom fields now display when scheduling management job.

• Certificate Stores

  On PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. Enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA)., removed the requirement for the NetScaler server name when deploying to Netscaler.

• Certificate Stores

  Revoked Certificates in Certificate Stores report now accepts a collection The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). as a parameter A parameter or argument is a value that is passed into a function in an application..

• Dashboard

  Fixes to allow parenthesis in the CRL A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted. Revocation Monitoring URLs used in the Dashboard.

• Certificates

  Fixed a re-issued certificate problem that had a field incorrectly filled in.

• SSL Discovery & Monitoring

  Fixed an issue in SSL network definitions to restore the ability to add a range of ports.

• CSR Generation

  Fixed an issue with the CSR A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA. Generation page reporting an invalid template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received..

• Orchestrators

  Disapproved orchestrators are now hidden by default in the Orchestrator Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. Management page.

• Enrollment

  Allow enrollment with a CSR that has no CN A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com). and/or SAN.

• CSR Generation

  Removed the option for RSA 1024 from the CSR Generation page.

• Reporting

  Added DNS The Domain Name System is a service that translates names into IP addresses. name to the Full Certificate Extract report.

• Reporting

  Expiration Report sorts on Expiration Date by default.

Known Issues/Limitations

• Version

  Version 8.0.4.0 is the correct version for Keyfactor Command 8.1.

• Certificates

  Deleting a collection that is used in an alert or a report schedule will fail without saying why. This will be updated in a future version. The workaround is to remove the collection from the report schedules and/or alerts and then deleting it.