Orchestration gateway release notes
This page provides release notes for the Sectigo Certificate Manager (SCM) Enterprise orchestration gateway.
The orchestration gateway documentation can be found in the following location:
Orchestration gateway v1.1
This release includes the following updates and improvements:
General updates
| Change | Reference number |
|---|---|
| There is now support for Imperva Web Application Firewall (WAF) Cloud as a new SSL/TLS automation endpoint. Each Imperva endpoint represents an Imperva account. Sites in that account are discovered as nodes and the gateway installs custom certificates onto them via the Imperva REST API. The Imperva API doesn’t support retrieving the actual certificate. As a result, when discovering certificates on existing sites, only metadata (such as fingerprint, serial number, and expiry) may be visible in SCM. Once a certificate has been deployed via SCM, the complete certificate will be visible. | SCM-14018 / SCM-14252 |
| There is now support for NetScaler (formerly Citrix ADC) as a new SSL/TLS automation endpoint. This includes certificate automation for Content Switching vServers, Load Balancing vServers, Citrix Gateway, and Authentication vServers. | SCM-14261 |
| There is now support for BeyondTrust Pathfinder Platform as a credentials store. | SCM-14262 |
Resolved issues
| Change | Reference number |
|---|---|
| An endpoint configured in Sectigo Orchestration Gateway could not be removed using the standard CLI command, and returned a “not found” error. | SCM-14548 |
Orchestration gateway v1.0
Introducing Sectigo Orchestration Gateway (SOG), a lightweight orchestration layer that extends SCM into operational environments. It provides a consistent way to execute certificate lifecycle tasks across hybrid and multi-cloud infrastructure, reducing reliance on custom scripts, manual steps, and environment-specific integrations.
Used alongside SCM, SOG orchestrates discovery, issuance, renewal, deployment, and revocation using standardized workflows. Its modular, extensible architecture is designed to support high certificate volumes, short renewal cycles, and evolving platform and cryptographic requirements, without adding significant operational overhead.
Key capabilities:
- Orchestration of the full certificate lifecycle across different environments
- Endpoint-based key generation with no shared or centralized key storage
- One-to-many automation from a single gateway instance
- Local and remote server/endpoint support using SSH, WinRM, and multiple authentication methods
- Integration with local credential stores and enterprise vaults, including HashiCorp Vault, CyberArk Vault, and Delinea Secret Server
- Support for Apache, Tomcat, Microsoft IIS, F5 BIG-IP, Nginx, and file-based endpoint types including PKCS#12, JKS, and PEM