What’s new?

The performance of the Certification Authority snap‑in has been enhanced, resulting in much faster loading and navigation of issued certificates in high‑volume deployments.

SCM-13143

There is improved HTTP proxy compatibility by including the port number in the CONNECT request as well as the Host header.

SCM-12270

Startup no longer converts CA private keys to non‑exportable by default; this can be enabled via the PrivateKeyNonExportable registry setting.

SCM-13903

Fixed a regression in MS Agent 4.3 that caused certificate requests to fail for Active Directory Certificate Templates requiring manual SAN entry.

SCM-12534

Improved handling of network loss during initialization, which previously resulted in logging the error "The specified domain either does not exist or could not be contacted."

SCM-12995

Fixed an issue where CA names containing spaces were parsed incorrectly, preventing the CA’s AD Configuration container from being located during discovery.

SCM-13187

Resolved an issue where conflicting error codes caused incorrect permission‑related error messages to appear during enrollment.

SCM-13380

Fixed an issue where startup without SCM connectivity caused the CA console to hide existing certificate templates and delete the assigned template list when attempting to add a new one.

SCM-13922

You can now create PQC Private CAs using the ML-DSA algorithm. These CAs support ordering PQC private SSL, client, and device certificates for post-quantum learning and testing.

For more information, contact your Sectigo account manager.

SCM-13582

The Usage page has been redesigned to show overages more clearly and indicate how inventory from flex bundles is used.

SCM-13724

The DNS Connector will now generate TXT records in DNS instead of CNAME records. This change is backwards compatible with existing DNS Connector releases.

SCM-13600

The API now has a new resource to get usage details.

SCM-13724

The approver and requester can now be included in notifications for device certificates.

SCM-13336/ SCM-12916

SSL certificate deletion events are now audited.

SCM-13469

SCM now uses Azure Key Vault API version 2026-02-01 since all previous versions will be retired in early 2027.

SCM-13595

Admins can now validate their emails in SCM.

SCM-13757

Improved script that collects IIS server information to operate on Windows desktop operating systems that don’t have required IIS features installed.

SCM-12839

Resolved issue of installation of wildcard certificates to Apache servers from a Network Agent installed on Windows that would fail with an error saying “The filename, directory name, or volume label syntax is incorrect”.

SCM-12874

On some systems, the agent would fail when generating CSR and key.

SCM-9723

Improved performance when processing large numbers of key generation requests.

SCM-11056

The Sectigo CA Connector 3.4 installer was reporting itself as 3.3.

SCM-13345

Discovery of certificates in DigiCert found no certificates if the account contained a multiple of 20 certificates.

SCM-13287

There was a missing space between review_requests and create_longer_validity_order when describing missing DigiCert API permissions.

SCM-11284

There is now support for the CSC Basic DNS via the CSC Domain Manager platform.

SCM-10304

Connector could not remove the CNAME record from AWS.

SCM-13566

Problem with provider initialization during stale records cleanup.

SCM-13574