SCM Enterprise release notes

This release of Sectigo Certificate Manager introduces ordering and management of Verified Mark (VMC) and Common Mark (CMC) certificates.

For more information, contact your Sectigo account manager.

SCM-13311

In preparation for the limiting of public SSL certificate lifetimes to less than 200 days in March, this release automatically adds a 199-day term to public SSL certificate profiles using any soon-to-be invalid term.

SCM-13372

SCM now shows the backing certificate product and available inventory within the Request SSL Certificate wizard if subscriptions are enabled.

SCM-13224

SCM now shows the backing certificate product in the Certificate Profiles page table.

SCM-13223

Certificate reports have been enhanced to contain significantly more fields, especially for certificate types other than SSL. In some cases, column names have been renamed to modern terminology and to be consistent across certificate types.

For SSL certificate reports:

For client certificate reports:

For code signing certificate reports:

For device certificate reports:

SCM-13225

Notifications for MS Agent and Network Agent disconnected now have variables for last seen and disconnected timestamps.

SCM-10329

SHA-256 hashes of certificates are now shown in the SCM UI. These only exist for certificates issued or imported after SCM 25.8.

SCM-13115

The DNS entry created by the DNS Connector is now deleted immediately after validation is completed.

SCM-12803

Client certificates imported to the Sectigo Key Vault via Admin REST API are now exported to Intune if that feature is enabled for the target organization.

SCM-13269

The Create Private CA wizard now shows the issuer subject on the final page of the wizard to allow confirmation before creation.

SCM-13248

The SCM REST API documentation can now be found at the SCM DevX Hub.

New method to get the renewal history of an SSL certificate.

SCM-13286

Added requested and expires to the response of client certificate list APIs.

SCM-6297

This release of Sectigo Certificate Manager introduces the ability to migrate all enrollment endpoints to a new certificate profile quickly. This capability can be used if a private CA is being replaced and manually updating all enrollment accounts would be unmanageable.

SCM-12359

When paired with CA Connector 3.4, certificate discovery can be manually performed against a Microsoft Enterprise CA.

SCM-10515

Management of SCEP RA certificates is now possible by customers. They can view any SCEP RA certificates created by Sectigo on their behalf as well as add/manage new SCEP RA certificates without involving Sectigo support.

SCM-6900

A new notification type has been added to receive notifications about SCEP RA certificate expiry.

SCMSERVICE-1466

Admin privileges have been enhanced to include view/add/manage privileges for certificate profiles and custom fields. These privileges can now be given to RAO/DRAOs in addition to MRAOs if required.

SCM-11772, SCM-11773, SCM-11781, SCM-11782

There are new admin privileges to control import of certificates.

SCM-11807

Audits have been improved to track admin privilege changes.

SCM-11779

Certificate profiles can now be ordered on the Web Enrollment forms.

SCM-11528

Added notificationDaysInAdvance variable to SSL expiration notification templates.

SCM-12847

New Usage section in the certificate viewer to see current certificates individual contribution to usage.

SCM-13013

New SAN Count and Licensed SAN columns in the SSL certificate table to show the certificate’s total SANs and how many additional SANs above the free are included with the certificate product.

SCM-12830

New SAN Count and Licensed SAN columns in the SSL report showing certificate’s total SANs and how many additional SANs above the free are included with the certificate product.

SCMSERVICE-1462

The DNS TXT DCV progress dialog will now show the token expiration timestamp and if expired, provide a way to fetch a new token.

SCM-12939

Return CSR in SSL Get Details response.

SCM-13016

New client certificate methods that operate by certificate ID.

SCM-13078

New Reporting APIs that return CSV formatted data with same options and columns as manual reports.

SCM-12997

Manually renewing a certificate with auto-renewal enabled results in a new certificate without auto-renewal enabled.

SCM-13092

Cleanup of old unregistered Network Agents could incorrectly delete an offline agent.

SCM-13021

UI glitch when viewing a large number of departments in the Organizations tree.

SCM-12844

Cancelled domain delegation could result in UI still showing delegation pending but updating the delegations was blocked since the Save button didn’t appear.

SCM-13048

Creation of a certificate profile for MS CA could fail with the error "Unable to get the available configuration from the CA backend for 'MS Template' attribute."

SCM-13014

Editing a certificate’s mandatory custom field could result in an internal error.

SCM-12801

When MRAO must approve domain delegations was enabled, the notification to the MRAO might not be sent if the RAO approved the department’s domain request in a specific order (organization before department).

SCM-11591

This release of Sectigo Certificate Manager introduces the ability to revoke certificates migrated from Entrust Certificate Services.

SCM-12589

Select All checkbox added to improve managing admin privileges.

SCM- 11856

Description field added to the domain report.

SCMSERVICE-1458

Support for YubiHSM2 for code signing key attestations.

SCMSERVICE-1456

Additional Domains usage moved to a separate card in the Usage UI to improve readability.

SCM-12790

Logging out of SCM when using a Sectigo Authentication Service admin would not drop the session with the Sectigo Authentication Service.

SCM-12610

Display of SANs on a replaced SSL certificate could include the original certificates SANs.

SCM-12640

Filtering SSL certificates by department, "None" would become "Any" after logout and login.

SCM-12559

Deleting a discovered SSL certificate could fail in some situations.

SCM-12809

New configurable notification for subscription changes.

SCM-12467

New configurable daily notification for expiring Sectigo Private CAs.

SCM-12470

New configurable daily notification for available inventory below a configurable threshold.

SCM-12468

New configurable daily notification for usage exceeding inventory.

SCM-12469

New configurable notification for disconnected CA connector.

SCM-6592, SCM-9700, SCM-10953

New configurable notification for disconnected DNS connector.

SCM-11680, SCM-12161

New configuration for enrollment forms to disable the ability to revoke.

SCM-6958

New configuration for enrollment forms to disable the ability to renew SSL and device certificates.

SCM-11418

New configuration for enrollment forms to disable the option to auto-renew SSL certificates.

SCM-11417

Quick search fields have been added to additional pages.

SCM-12350

Improved REST API for downloading private keys from the Private Key Agent. The new HTTP method allows a password to be specified if not set originally via enrollment.

SCM-12159

SCM will now calculate SHA256 hashes on new certificates of all types. Existing certificates will not have the hash available. The SHA256 value will be returned via REST APIs.

SCM-9253

The domain delegation UI has been improved to deal with large numbers of organizations/departments.

SCM-12423

There is now a confirmation dialog for Network Agent deletion.

SCM-12538

The ${approverName} variable had not been rendered in the SSL Certificate Approved or SSL Certificate Declined notifications.

SCM-12387

SCM could show the old serial number for a replaced certificate.

SCM-12558

Deleting a department could fail if IdP-based DRAOs were given access.

SCM-12559

UI issue when a customer had more than 20 Azure accounts. The backend returned only the first 20 accounts, so for 20+ accounts the first one from returned was selected on UI.

SCM-12299

Admins of type IdP or Sectigo Authentication Service would receive an error about insufficient rights when changing the ownership of an SSL certificate.

SCM-12530

Code signing certificates discovered on DigicertCA with unknown validation type. Changed SCM validation type parsing logic to support such cases.

SCM-12500

SSL certificate enrolment would fail if mandatory custom field ended in a space.

SCM-12546

The SCM UI has been refreshed with new colors and other visual improvements. The login page has been changed significantly.

SCM-12079

Domain delegation has been enhanced to provide greater control over how a delegated domain and its subdomains can be used.

SCM-12023

The ability to view ACME clients within SCM has been improved. Previously newly registered ACME clients might not appear in SCM for hours.

SCM-11480

New bulk certificate import APIs for all four certificate types in SCM.

SCM-11999

It is now possible via the existing SSL certificate API to move a certificate between departments.

SCM-10627

Downloading client certificates/keys from the Sectigo Key Vault that failed if they were imported via the API.

SCM-12188

Enrollment to Azure Key Vault that failed for certificates with long common names.

SCM-12047

RAO could not delete the domain and the domain validation.

SCM-11963

Assumed name field no longer shows for OV validations, its applicable to EV only.

SCM-12095