Network agent release notes

This page provides release notes for the Sectigo Certificate Manager (SCM) Enterprise network agent.

The network agent documentation can be found in the following location:

Network agent v5.5

This release includes the following general updates:

Change Reference number

Improved the script that collects IIS server information so that it operates on Windows desktop operating systems that don’t have the required IIS features installed.

SCM-12839

Resolved an issue where installing wildcard certificates to Apache servers from a Network Agent installed on Windows would fail with the error “The filename, directory name, or volume label syntax is incorrect”.

SCM-12874

Network agent v5.4

This release includes the following resolved issues:

Issue Reference number

Network Agent 5.3 introduced an issue with installing ECC-based certificates on Windows IIS using PowerShell. The error message was “Failed to install the certificate. Private key is inaccessible after import”. This error has now been resolved.

SCM-12514

Network agent v5.3

This release includes the following general updates:

Change Reference number

This release adds support for Apache Tomcat 11.

SCM-12325

This release drops support for Apache Tomcat 7; it has been end of life since March 2021.

SCM-12314

Updated the PowerShell installation method to create exportable private keys when performing IIS installation. This change makes PowerShell consistent with the behavior of the legacy install method for IIS.

SCM-11543

Resolved the known issue of auto-installation with ECC key types that failed with an internal error.

SCM-12306, SCM-12261

Network agent v5.2

This release includes the following resolved issues:

Issue Reference number

Detection of the remote OS of an Apache Tomcat server failed for a Linux-based network agent.

SCM-11743

If the discovery of certificates on one server failed on a network agent, the entire command failed.

SCM-11758

Execution of scripts to manage Apache Tomcat on Linux was broken in the previous release.

SCM-10934

Installation of a new certificate on an IIS site with SNI enabled could remove extra port bindings.

SCM-11796

Installation of a new certificate on IIS using the legacy connection method would fail if multiple bindings existed for an existing certificate.

SCM-11650

Network agent v5.1

This release includes the following updates and improvements:

General updates

Change Reference number

This release of network agent allows adding remote servers that are running on platforms that do not match the agent’s platform. For example, you can add a remote Linux-hosted Apache server to a Windows-hosted agent or a Windows IIS server to a Linux-hosted agent.

SCM-10382

This release of network agent adds the ability to deploy via Docker. The Docker image is publicly available via Docker Hub.

SCM-9359

Improved restart of Apache Tomcat.

SCM-10746

Improved download of auto update binary.

SCM-11075

Removed the use of VBScript to automate Apache Tomcat on Microsoft Windows. PowerShell is now used instead.

SCM-11015

Resolved issues

Issue Reference number

Installation of a certificate in IIS could uncheck the Require SNI option.

SCM-11119

Setting auto update property via CLI failed on Microsoft Windows.

SCM-11506

During error handling, the password of a failed F5 authentication request might be logged.

SCM-11407

In rare configurations of IIS using hostname="" in a binding, certificate installation would create a second binding with hostname="*".

SCM-11437

Installation on Microsoft Windows might incorrectly discover files from a previous installation.

SCM-11564

Network agent v4.3

This release includes the following general updates:

Change Reference number

Sectigo Network Agent now supports Delinea Secret Server as a credential store. When adding a remote server to SCM, in addition to the options of username/password or SSH key, you can specify use of a credential from a credential store. The credential store is created on the Network Agent itself so that SCM never sees the username/password and the management of those credentials can be done locally.

SCM-10083

Support for auto-installation of certificates within Apache Tomcat 9.x and 10.x has been added. Support for older unsupported versions of Apache Tomcat is being phased out. They will continue to work with this version of Sectigo Network Agent but may be dropped entirely in future versions.

SCM-5317

The automatic discovery of local servers when adding a new agent to SCM is no longer performed. This discovery had resulted in inaccuracies if the agent contained no local servers.

SCM-9456, SCM-10245

Apache Tomcat server.xml is now updated with the protocol attribute if it is missing.

SCM-10160

Network agent v4.2

This release includes the following resolved issues:

Issue Reference number

Adding an F5 server may fail with internal error 999 or an “Invalid IPv4 address found” error in the agent logs.

SCM-9763, SCM-10049, SCM-10143

Network agent v4.1

This release includes the following general updates:

Change Reference number

Sectigo Network Agent now supports SSH private keys in the OpenSSH format in addition to the older PKCS#1 and PKCS#8 formats.

The OpenSSH format is indicated by the -----BEGIN OPENSSH PRIVATE KEY----- header in the file.

SCM-8796

Improved handling and error messages when the SSH private key file doesn’t exist.

SCM-9937

Windows executable files are now code signed.

SCM-9531

Improved handling of F5 authentication failures.

SCM-9741

Improved handling of F5 virtual servers with IPv6 addresses.

SCM-9763

Auto-installation on Tomcat servers now always specifies the keystoreType attribute.

SCM-9636

Improved handling of AppRole authentication token expiry for the HashiCorp Vault credential store.

SCM-9878
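The v4.1 note on SSH private key formats (SCM-8796) identifies OpenSSH keys by their header. The following is an added example, not Sectigo's code: it classifies a key file by its PEM label and, for OpenSSH keys, reads the container's cipher field to report whether the key is passphrase-protected. The function names are hypothetical, and the sample container is constructed with placeholder bytes rather than real key material.

```python
import base64
import re
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def _ssh_str(b):
    """Encode one SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def _read_string(buf, off):
    """Decode one SSH 'string' at offset off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated OpenSSH key container")
    return buf[off + 4:end], end

def build_sample_openssh(cipher=b"none", kdf=b"none"):
    """Constructed sample container; the key fields are placeholders, not a usable key."""
    blob = (OPENSSH_MAGIC + _ssh_str(cipher) + _ssh_str(kdf) + _ssh_str(b"")
            + struct.pack(">I", 1)
            + _ssh_str(b"placeholder-public") + _ssh_str(b"placeholder-private"))
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

def classify_private_key(pem_text):
    """Return (format, encrypted) judged from the PEM label and container fields."""
    m = PEM_RE.search(pem_text)
    if not m:
        return ("unknown", None)
    label, body = m.group(1), m.group(2)
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(body.split()))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("OpenSSH header present but container magic missing")
        cipher, _ = _read_string(blob, len(OPENSSH_MAGIC))
        # An unprotected key stores the cipher name "none".
        return ("openssh", cipher != b"none")
    if label == "RSA PRIVATE KEY":
        # Legacy PEM encryption is flagged by a Proc-Type header line in the body.
        return ("pkcs1", "Proc-Type: 4,ENCRYPTED" in body)
    if label == "PRIVATE KEY":
        return ("pkcs8", False)
    if label == "ENCRYPTED PRIVATE KEY":
        return ("pkcs8", True)
    return ("unknown", None)
```

Running this over the key files an agent is configured to use shows which ones are stored without a passphrase.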

Network agent v4.0

This release includes the following general updates:

Change Reference number

Sectigo Network Agent now supports three types of credential stores: local, CyberArk Central Credential Provider, and HashiCorp Vault. When adding a remote server to SCM, in addition to options for using username/password or SSH key, you can specify use of a credential from a credential store. The credential store is created on the Network Agent itself so that SCM never sees the username/password and the management of those credentials can be done locally.

Credential stores are not supported for remote Microsoft IIS servers.

SCM-9000

Improved authentication to F5 Big IP remote servers to avoid running out of authentication tokens.

Added support for setting the certificate chain on F5 Big IP.