June 2023
Updates and Fixes
-
Fix: Certificate profiles from EJBCA could not be imported if they were not the first CA
A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. listed in the Allowed CAs on the certificate profile. -
Fix: End entity profiles configured in EJBCA with Any CA in the Allowed CAs were not displaying in the Management Portal CSR
A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA. and PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). pages. -
Fix: Upgrading to Keyfactor Command version 10 was very slow in environments with a large number of certificate requests in the database.
Deprecation
- The Classic API A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. will be deprecated in Keyfactor Command version 11.0. All existing uses of the Classic API should be migrated to use Keyfactor API prior to upgrading to Keyfactor Command version 11. If these applications cannot be updated to the newer endpoints then the Allow Deprecate API Calls setting must be set to False (see Application Settings: API Tab in the Keyfactor Command Reference Guide). Otherwise, Keyfactor recommends that these endpoints be disabled to reduce exposure to unauthorized or unintended use.
-
The Keyfactor Java Agent
The Java Agent, one of Keyfactor's suite of orchestrators, is used to perform discovery of Java keystores and PEM certificate stores, to inventory discovered stores, and to push certificates out to stores as needed. will be deprecated in a future version of Keyfactor Command. Customers are encouraged to begin planning a migration to the Keyfactor Universal Orchestrator The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with servers and devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can provide certificate management capabilities on a variety of platforms and devices (e.g. Amazon Web Services (AWS) resources, Citrix\NetScaler devices, F5 devices, IIS stores, JKS keystores, PEM stores, and PKCS#12 stores) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux servers or Linux containers. with the Remote File custom extension publicly available at:
API Endpoint Change Log
No API endpoint An endpoint is a URL that enables the API to gain access to resources on a server. changes were made in this release.