Sectigo nos envía los próximos cambios en la versión SCM 24.7:

Scheduled Maintenance: Sectigo Certificate Manager (SCM) 24.7 Release will be deployed Saturday July 20th at 11:00 UTC until 17:00 UTC

Planned Start: July 20, 2024 11:00AM UTC
Expected End: July 20, 2024 5:00PM UTC

Affected Infrastructure

Components: Certificate Issuing Platforms, Certificate Lifecycle Management Platforms
Locations: Public CA, SCM (cert-manager.com), SCM (hard.cert-manager.com), SCM (eu.cert-manager.com)

Details:

Schedule maintenance for the SCM release 24.7 has been postponed until July 20th, 2024.

The SCM 24.7 release includes the following enhancements and fixes:

  • Public domains can now be monitored for usage in publicly issued certificates. When enabled, the Certificate Transparency logs are monitored for any newly issued certificates that contain the domain (or optionally its subdomains) in the Subject common name or the Subject Alternative Names extension. (SCM-9919)
  • Azure Key Vault discovery tasks can be created to perform scans of Azure Key Vault certificates. The discovery tasks can be scheduled like existing discovery tasks, and any discovered certificates are imported to the associated certificate bucket. (SCM-9817)
  • New UI to initiate a DCV request, replacing the existing wizard with a simpler two-step process. Initial method selection includes a more detailed description of the DCV method, the second step provides instructions to follow and the ability to submit the request when ready. (SCM-9967)
  • New UI to continue a DCV request that has not been submitted, returning to the instructions, request token and submit option. (SCM-9967)
  • Optional check that CAA records allow Sectigo to issue certificates for the selected domain before allowing DCV request to be created. (SCM-9961)
  • New progress UI to show DCV request status, including ability to force a new HTTP/DNS check manually. New progress UI includes the request token if needing to validate the original instructions were performed correctly. (SCM-7036)
  • SCM introduces a new automated DNS DCV method. When enabled, the new DNS connector can be deployed to support automating DCV via DNS. The DNS connector receives commands from SCM to configure the DNS provider with the required records to complete DCV and after DCV is complete to clean up the added records. (SCM-9786)
  • When enrolling for a certificate using an enrollment form and using a CSR method that requires a PKCS#12 download, the entered password is now validated against the password policies. (SCMSERVICE-763)
  • SCM introduces a new password policy for use when dealing with public S/MIME certificates. If enrolling for a public S/MIME certificate, the password is validated against this policy instead of the organization/department or default policy. (SCMSERVICE-763)
  • Domain reports now include CSR hashes needed to generate request tokens if DCV request has been submitted. (SCM-7046)
  • Domain & Admin reports can now be scheduled. (SCM-9671/SCM-9782)
  • Certificates in a certificate bucket can now be hidden. (SCM-9982)
  • API Admins can have password removed if using client credentials for authentication. (SCM-9780)
  • Audit log entry for Sectigo Key Vault downloads didn’t include the username for IdP based admins. (SCM-8742)
  • Network Agent Down notification, not respecting the configured organizations/departments. (SCM-9797)
  • Auto revocation of client certificates when deleting an organization/department wasn’t occurring. (SCM-8618)