TCS

Sectigo Certificate Manager 24.9

Sectigo nos envía los próximos cambios en la versión SCM 24.9:

Scheduled Maintenance: Sectigo Certificate Manager (SCM) 24.9 Release is scheduled for Saturday Sept 14th at 9:00 AM UTC until 3:00 PM UTC

Planned Start: September 14, 2024 9:00AM UTC
Expected End: September 14, 2024 3:00PM UTC

Affected Infrastructure

Components: Certificate Issuing Platforms, Certificate Lifecycle Management Platforms
Locations: Public CA, SCM (cert-manager.com), SCM (hard.cert-manager.com), Private CA, Private CA - EU, SCM (eu.cert-manager.com)

Details:

The SCM 24.9 release includes the following enhancements and fixes:

  • Client and device certificates now have a comments field like SSL certificates. The comments field will appear on enrollment forms, be possible to view/update via the REST API and include as a variable in notification templates. (SCM-8985)
  • Notifications can now be disabled without deleting them entirely. (SCM-9753)
  • Web-hook notifications can now be sent in customizable JSON. Previously, the body text was sent as one JSON field named “body”. (SCM-9162)
  • Many additional variables have been added to notification templates. This includes serial numbers, custom fields and comments. (SCM-9297/SCM-6634/SCM-8091)
  • Notifications now better track the creator/modifier. This was already recorded in the audits but this allows for filtering, sorting. (SCM-10145)
  • Improved default email templates. The default templates have all been switched to HTML and updated to include better descriptions and variables. Existing customers will not receive these templates by default to avoid backwards compatibility issues with any automation they may have setup to process notifications. (SCM-10144)
  • Automatic renewal of Automated DNS DCV method added. (SCM-10138)
  • Code signing certificate enrollment forms now support Marvel/Google HSM and Fortanix HSM attestations. (SCMSERVICE-950/SCMSERVICE-965)
  • Code signing certificate enrollment forms now support a shipping address. (SCM-8121)
  • Default format for PKCS#12 files can now be specified per enrollment form. (SCMSERVICE-566)
  • Client and device certificate enrollment forms now support comments. (SCMSERVICE-1019/SCMSERVICE-10468)
  • Ability to download a client certificate’s private key from Sectigo Key Vault via API. (SCM-10130)
  • New fields in MS Agent API GET response to include details about MS Agent cluster’s individual nodes. (SCM-9868)
  • Ability to create enrollment endpoints and accounts via API. (SCM-8812)
  • Ability to get SSL certificate locations via API. (SCM-9955/SCM-9085/SCM-7668)
  • Ability to update device certificates via API. (SCM-10276)
  • Ability to get client certificate details via API. (SCM-10274)
  • Ability to update client certificates via API. (SCM-10277)
  • Ability to configure Domain CT Log monitoring via API. (SCM-10135)
  • Ability to create Azure Accounts via API. (SCM-9990)
  • Ability to create Azure Key Vault discovery tasks via API. (SCM-10136)
  • New “dateFormat” query parameter to control date format in API responses. (SCM-9446)
  • The login success audit entry generated when admins authenticate via an IdP now includes the full set of assertion values plus the IdPs entityID value. (SCM-10339)
  • The IdP used to last authenticate an admin is now saved (entityID) and compared during the next login attempt. If the IdP has changed an audit message is generated with the action set to “update_idp_entity”. (SCM-10339)
  • Persons now better track the creator/modifier. This was already recorded in the audits but this allows for filtering, sorting. (SCM-10370)
  • Reports now support filtering. (SCM-9909)
  • Improved audits when exporting certificate to Azure Key Vault. (SCM-10363)
  • Custom fields could not be added to an existing certificate. (SCM-10029)
  • Renewing SSL certificate with a new CSR did not allow domains to extracted from the CSR. (SCM-10479)
  • Restoring a Private Key agent backup could fail with message “Cannot create key location. Key fingerprint is empty”. (SCM-10424)
  • Updating the suspectNotifications field via the REST API would fail if the certificate had a subject alternative name longer tan 64 characters. (SCM-10392)
  • Renewal of certificate may truncate a long comment. (SCM-10357)
  • Parsing a CSR with a empty Extensions sequence would fail. (SCM-10341)
  • Enrollments for client certificates could fail if the same email address was included multiple times differing only by case. (SCM-10252
  • Editing a notification to add a new department could remove previous departments. (SCM-10231/SCM-9902)
  • Deleting an universal ACME client could fail with an “Access Denied” message. (SCM-10192)
  • Auto-installation of a SSL certificate via the Network Agent could be skipped if the scheduled time includes midnight UTC. (SCM-9989)
  • “certTypteId” query parameter to filter client certificates wasn’t working. (SCM-10197)

We expect that our Certificate Manager (SCM) will be unavailable for up to 6 hours as we add new functionality to the system.

Please note that this will impact your access to the Sectigo Certificate Manager and all its integrations, including certificate issuance.