Incremental Release 10.1 Notes

November 2022

Changes and Improvements

• Keyfactor Universal Orchestrator Supports gMSA

  The Keyfactor Universal Orchestrator The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with Windows servers (a.k.a. IIS certificate stores) and FTP capable devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can run custom jobs to provide certificate management capabilities on a variety of platforms and devices (e.g. F5 devices, NetScaler devices, Amazon Web Services (AWS) resources) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux. now supports running its service as a group managed service account (gMSA).

• SSL Discovery and Monitoring Jobs have Reset Scan Option

  A new Reset Scan option has been added for SSL TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. discovery and monitoring jobs that allows to you recover from an SSL job that appears to be stuck or crashed.

Updates and Fixes

• Update: All Keyfactor Command (timer) service jobs have consistent start and stop log messages in both the file and Windows Event Viewer.

• Update: A PAM provider can be used directly by the Keyfactor Universal Orchestrator Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores., such that the server does not retrieve, and does not have access to, the credential.

• Update: Ed448 and Ed25519 keys are now supported for certificate enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA)., policy, import and search.

• Update: Improved support for the Keyfactor Command (timer) service—including a job locking mechanism—in High-Availability implementations.

• Fix: GET /SSL is returning duplicate info in some instances with endpoints sharing a common chain.

• Fix: Certificate store Discovery jobs could not be executed.

• Fix: AnyGateway The Keyfactor AnyGateway is a generic third party CA gateway framework that allows existing CA gateways and custom CA connections to share the same overall product framework. was declaring all requests as new instead of renew or reissue.

• Fix: The SMTP Short for simple mail transfer protocol, SMTP is a protocol for sending email messages between servers. Sender Account was not populated during the installation and configuration process.

• Fix: SSL discovery scan job errors for entries with a null display name.

Policy Module Updates

• Migrated the Policy Modules to .NET Core 6.

• Updated the Policy Module to create a Windows Event Log entry when the current license is within 60 days of expiration.

• Updated the Policy Module installer to include the EnterpriseLite, SubjectFormat and SCEPRequester modules.

• Updated the Policy Handler Configuration so that changes no longer require the ADCS service to be restarted.