Documentation Suite v11.5.2

Hot Fix Release 10.4.3 Notes

July 2023

Note: Keyfactor Command 10.4.3 is a hot fix release with a few fixes following the Keyfactor Command 10.4 incremental release. For more details on new features, improvements, and known limitations in Keyfactor Command 10.0, please review the Major Release 10.0 Notes.

Tip: Keyfactor recommends that you check the Keyfactor GitHub Site (https://keyfactor.github.io/integrations-catalog/) with each release that you install to check if you will need to download the updated orchestrators to work with that version of Keyfactor Command.

Updates and Fixes

Fix: Certificate authorities of EJBCA version 8 could not be added to the certificate authorities page due to a failed version check.
Fix: One-click renewal was encountering an error when trying to renew against EJBCA version 8.
Fix: Importing templates to Keyfactor Command from EJBCA version 8 failed.
Fix: External validation certificates being enrolled from public certificate authorities were sometimes resulting in the following error in the Management Portal with no errors in the log:

Cannot convert unidentified or null to object

Deprecation

The Classic API A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. will be deprecated in Keyfactor Command version 11.0. All existing uses of the Classic API should be migrated to use Keyfactor API prior to upgrading to Keyfactor Command version 11. If these applications cannot be updated to the newer endpoints then the Allow Deprecate API Calls setting must be set to False (see Application Settings: API Tab in the Keyfactor Command Reference Guide). Otherwise, Keyfactor recommends that these endpoints be disabled to reduce exposure to unauthorized or unintended use.
The Keyfactor Java Agent The Java Agent, one of Keyfactor's suite of orchestrators, is used to perform discovery of Java keystores and PEM certificate stores, to inventory discovered stores, and to push certificates out to stores as needed. will be deprecated in a future version of Keyfactor Command. Customers are encouraged to begin planning a migration to the Keyfactor Universal Orchestrator The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with servers and devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can provide certificate management capabilities on a variety of platforms and devices (e.g. Amazon Web Services (AWS) resources, Citrix\NetScaler devices, F5 devices, IIS stores, JKS keystores, PEM stores, and PKCS#12 stores) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux servers or Linux containers. with the Remote File custom extension publicly available at:

https://github.com/Keyfactor/remote-file-orchestrator

API Endpoint Change Log

Please review the information in the API Change Log for this release carefully if you have implemented any integration using these endpoints.

Table 874: API Change Log

Endpoint	Methods	Action	Notes
/CertificateAuthority/Test	POST	Fixed	EJBCA version 8 is supported.
/Enrollment/Renew	POST	Fixed	EJBCA version 8 is supported.
/Templates/Import	POST	Fixed	EJBCA version 8 is supported.

Version v11.5.2

On this page: