Info: What's New in 17.2

Venafi Trust Protection Platform 17.2 brings a long list of exciting new features to help you solve your most important business problems related to securing and protecting keys and certificates within your organization today.

Before upgrading to 17.2, please review the Important Considerations before Upgrading.

Server Certificate Product Features

  • ACME Server

    The Venafi server can operate as an ACME (Automated Certificate Management Environment) server that supports automated certificate enrollment and installation for Linux servers using the certbot utility. The Venafi ACME server supports HTTP-based domain validation as defined by the ACME protocol and works with any certificate authority that reliably issues certificates in 30 seconds or less.
    See more in product documentation (link requires authentication).

  • Remote Key Generation with Gemalto (SafeNet) HSM

    The CAPI, JKS, and Apache Provisioning Drivers have been updated in Web Admin to enable remote generation of private keys on supported Gemalto HSMs. Certificates can be generated and provisioned to target systems, while keys are generated on (and never leave) the HSM. Requires the Gemalto client installed on the target device.

  • Azure Key Vault @15221; @20814; @22784; @27342; @28151

    Venafi can install certificates and private keys into the Azure key vault as a new certificate installation type available in Aperture and Web Admin.
    See more in product documentation (link requires authentication).

  • CAPI Generational Management @27765; @19898; @22845; @23873

    The CAPI provisioning driver has been updated so that only one previous version of the certificate and private key is maintained in the CAPI key store; all other previous versions are removed when new versions of the certificate are installed.

  • Manage Certificate Previous Versions in Aperture @27384; @10415; @10602; @15866; @23875; @8442; @28716

    Users can manage the previous versions of certificates within the Aperture console. They can see full details, revoke, and troubleshoot revocation problems in Aperture. Users can also revert to a previous version of a certificate, making it the current version without downloading and uploading.
    See more in product documentation (link requires authentication).

  • Enrollment Mode for Symantec MPKI @10025; @11217; @15241; @15395

    More intelligence has been added to how certificate enrollments are handled with the Symantec MPKI driver. Instead of managing the enrollment logic on a certificate-by-certificate basis, the logic is configured for all certificates being enrolled via that Certificate Authority Template.
    See more in product documentation (link requires authentication).

  • MSCA Enrollment Support for Intermediate Root Certificates @26847; @27360; @27472; @28115

    To support advanced enterprise PKI use cases, the Microsoft Certificate Authority driver has been updated to allow the enrollment of Intermediate Root Certificates.

  • Update BlueCoat Version Support @25278

    The BlueCoat driver now supports version 3.11.3.  Venafi documentation has been updated.

SSH Product Features

  • Agentless integration with Centrify Server Suite @26915

    Centrify’s dzdo command can be used for privilege elevation during Agentless discovery and remediation. This allows all privileges to be managed through Centrify. Details of Centrify configuration are described in this KB article: https://support.venafi.com/hc/en-us/articles/115001370147

 

Platform Features

  • Locking of dashboard and inventory risk thresholds @3535; @13412; @14164; @17315; @17589; @19730; @23209; @24725

    Risk thresholds and preferences, such as approved algorithms, minimum SSH key and TLS certificate key lengths, and others, have moved from dashboard settings to user preferences. Users with Write permission to the root policy can now lock the settings for all other users, allowing a global default configuration.

  • Update for Groups & Work Configuration @25480; @18446; @20379

    The configuration of groups and work for Server Agents, Enterprise Mobility Agents, SSH Agentless Groups, and the User Portal has been updated to be easier to configure, with more validation to prevent misconfiguration, support for renaming groups and work, and the ability to assign the same work configuration to multiple groups.
    See more at Info: 17.2 Updates To Groups And Work

  • Credential Management in Aperture

    Username, Password, Certificate, and Private Key Credentials can be managed in Aperture. You can edit, rename, move, and change permissions on credentials. Aperture offers protection on credential deletion: if the credential is in use, you will not be able to delete it and will be told where it is in use.
    See more in product documentation (link requires authentication).

  • Modify Behavior Of Daily Tasks And VPlatform Startup @28397; @27186; @27928

    As an advanced customization designed for expert users, you can modify the behavior of daily tasks on your Venafi servers.
    See Also Info: Modify Behavior Of Daily Tasks And VPlatform Startup

Third Party Integrations into Venafi

  • Hashicorp Terraform Integration

    The Venafi Terraform Provider allows Hashicorp Terraform users to seamlessly incorporate certificate management into Terraform plans when orchestrating technology infrastructure.

  • Docker Integration

    The Venafi Docker Key & Certificate Management Container allows Docker users to request and deploy certificates to Docker containers using a centralized, easy to use container that interfaces with Venafi REST APIs for certificate management operations.