Incremental Release 10.5 Notes

November 2023

Updates and Fixes

Fix: Certificate authority A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. records could not be saved if they were using PAM for storing credential secrets.

Fix: On a seeded renewal (the Configure option), certificates with multiple SANs did not populate all of the SANs into the renewal form.

Fix: Certificate enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). regular expressions were not successfully filtering on leading spaces when validating expressions.

Fix: With the application settings for Allow Custom Friendly Name and Require Custom Friendly Name set to True, on PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. enrollment if the Include Chain option was deselected, the value provided in the friendly name field was overwritten with the value from the CN A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com). field.

Fix: Certificates originally issued by a Microsoft certificate authority could not be renewed/reissued against an EJBCA certificate authority.

Deprecation

• The Classic API A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. will be deprecated in Keyfactor Command version 11.0. All existing uses of the Classic API should be migrated to use Keyfactor API prior to upgrading to Keyfactor Command version 11. If these applications cannot be updated to the newer endpoints then the Allow Deprecate API Calls setting must be set to False (see Application Settings: API Tab in the Keyfactor Command Reference Guide). Otherwise, Keyfactor recommends that these endpoints be disabled to reduce exposure to unauthorized or unintended use.

• The Keyfactor Java Agent The Java Agent, one of Keyfactor's suite of orchestrators, is used to perform discovery of Java keystores and PEM certificate stores, to inventory discovered stores, and to push certificates out to stores as needed. will be deprecated in a future version of Keyfactor Command. Customers are encouraged to begin planning a migration to the Keyfactor Universal Orchestrator The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with Windows servers (a.k.a. IIS certificate stores) and FTP capable devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can run custom jobs to provide certificate management capabilities on a variety of platforms and devices (e.g. F5 devices, NetScaler devices, Amazon Web Services (AWS) resources) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux. with the Remote File custom extension publicly available at:

  https://github.com/Keyfactor/remote-file-orchestrator

Known Issues

• Under some circumstance, the Test Connection button on the Certificate Authority dialog will erroneously display an error when clicked for a previously saved CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.. Despite the error message, the CA still functions (i.e., syncs, enrollments still go through). To work around the error, click the Save and Test button.