What’s new?

You can now create PQC Private CAs using the ML-DSA algorithm. These CAs support ordering PQC private SSL, client, and device certificates for post-quantum learning and testing.

For more information, contact your Sectigo account manager.

SCM-13582

The Usage page has been redesigned to show overages more clearly and indicate how inventory from flex bundles is used.

SCM-13724

The DNS Connector will now generate TXT records in DNS instead of CNAME records. This change is backwards compatible with existing DNS Connector releases.

SCM-13600

The API now has a new resource to get usage details.

SCM-13724

The approver and requester can now be included in notifications for device certificates.

SCM-13336/ SCM-12916

SSL certificate deletion events are now audited.

SCM-13469

SCM now uses Azure Key Vault API version 2026-02-01 since all previous versions will be retired in early 2027.

SCM-13595

Admins can now validate their emails in SCM.

SCM-13757

Improved script that collects IIS server information to operate on Windows desktop operating systems that don’t have required IIS features installed.

SCM-12839

Resolved issue of installation of wildcard certificates to Apache servers from a Network Agent installed on Windows that would fail with an error saying “The filename, directory name, or volume label syntax is incorrect”.

SCM-12874

The MS agent now saves the Template Enrollment Flags and Template General Flags into the local CA DB instead of setting it to 0. This is purely informational, most of these flags have no impact on the MS Agent. However, the Publish certificate in Active Directory Flag is now supported.

SCM-12032

There is improved connection to TLS-based proxy by including SNI information in the initial handshake.

SCM-12278

The MS Agent now supports renewal of the local CA certificate.

SCM-9611

There is improved logging to include more details during startup.

SCM-11876, SCM-11858

The MS Agent stopped processing commands from Sectigo Certificate Manager if during startup it could not start its revocation subsystem. This was usually caused by MS Agent being unable to connect to the required locations in Active Directory.

SCM-11760, SCM-11880

Error logs would contain entries for Failed to check CA permissions for Authenticated Users when language packs were installed on the MS Agent computer.

SCM-11834

Updating the local CA CRL was failing. This expired CRL would impact any enrollment requiring key escrow.

SCM-12178

On some systems, the agent would fail when generating CSR and key.

SCM-9723

Improved performance when processing large numbers of key generation requests.

SCM-11056

The Sectigo CA Connector 3.4 installer was reporting itself as 3.3.

SCM-13345

Discovery of certificates in DigiCert found no certificates if the account contained a multiple of 20 certificates.

SCM-13287

There was a missing space between review_requests and create_longer_validity_order when describing missing DigiCert API permissions.

SCM-11284

There is now support for the CSC Basic DNS via the CSC Domain Manager platform.

SCM-10304

Connector could not remove the CNAME record from AWS.

SCM-13566

Problem with provider initialization during stale records cleanup.

SCM-13574