Venafi Trust Protection Platform version 17.3 introduces a number of powerful new features to help you solve your most important business problems related to securing and protecting keys and certificates within your organization today.
Before upgrading to the new version, carefully review the topic, Important Considerations before Upgrading.
Server Certificate Product Features
- DigiCert CertCentral Platform Support @13694; @26213; @25416; @21978; @20192; @17582; @13181; @29697
Venafi Platform now works with the new certificate authority platform by DigiCert, adding support for automatic reissuance of certificates and sub-year validity periods. You can modify the organizational unit (OU) of user-provided CSRs, or add SANs to them, after they are uploaded. The task of requesting certificates from DigiCert has been simplified for users by removing unnecessary fields.
- Modernized IBM DataPower Certificate Installation Driver @27576; @1060; @2826; @13420; @15724; @18898; @25620
Updated to support DataPower's more modern REST management interface. Now supports models XI52 v220.127.116.11 and IDG v18.104.22.168. A custom SFTP server is no longer required for successful automated certificate installation. Maintains SSH CLI for backward compatibility with legacy versions.
- IBM DataPower Onboard Discovery (BETA) @15723; @1406; @18489; @18783
Provide Venafi Platform with the IP Address and credentials to your DataPower appliances and let Venafi Platform do the rest. This feature will discover the certificates and associated profile configuration on your DataPower appliances for a true turnkey certificate rotation experience. Rotating all of your DataPower certificates has never been this easy. Requires a BETA license from Venafi Customer Support.
- Certificate Revocation Approval Requests @13821
Regardless of whether you are revoking the current version of a certificate or a previous version, approvers are taken directly to the approval screen. Approvers can now review detailed information about which certificate is to be revoked, who initiated the request, and why.
- Certificate Download Details @15051
Enhanced defaults when downloading certificates in Aperture make it easier to get what is needed to successfully install the certificate onto an application or appliance. Downloads are also supported for previous versions of certificates in Aperture.
- Custom Reports Certificate Count @29440
The custom reports have been updated so that the PDF report now includes the total number of certificates in the report.
SSH Product Features
- SSH Approval Workflows @13650; @15654; @23814
SSH Administrators and Identity Access Management teams can now require approvals before new keys are added or removed, or before key settings can be modified. This allows for greater, centralized control over access changes within your organization and enhances your overall security posture.
For more information, see Creating an SSH key workflow on the Venafi Documentation Portal (https://docs.venafi.com).
REST API (Web SDK)
- Certificate Import @25697; @29303
Import certificates and their private keys. Supports PEM and PKCS#12. (POST Certificates/Import)
- Check CSR for Compliance @29921
Retrieve policy that applies to certificate enrollment or provide a CSR to decode and assess for compliance with policy. (POST Certificates/CheckPolicy)
- Reset Certificate Processing Status #35205
Reset the state of a certificate and its associated installations. You can also reset private key mismatch errors. (POST Certificates/Reset)
- Support for Integrated Windows Authentication @29292; @12388
Authenticates a user with Integrated Windows Authentication. After the user is authenticated, an API key is returned allowing access to all other REST calls. (GET Authorize/Integrated)
- Easy access to certificate Custom Field data #34351
When retrieving certificate details, effective custom field values are now included in the response. (GET Certificates/guid)
- Search for certificates by OU and SANs @26254
Organizational Unit and Subject Alternative Names are now searchable attributes for filtering the result set. (GET Certificates & HEAD Certificates)
- SSH Approval Workflows #33087
New APIs are available to approve or reject various SSH key operations programmatically, and key/keyset query APIs are enhanced to filter for keys that are pending approval. (POST SSH/ApproveKeyOperation & POST SSH/RejectKeyOperation)
- Credential Usage
Credentials are a critical part of allowing Venafi Platform to integrate with other platforms and processes within your organization. In Aperture, you now have visibility into credential usage within Venafi Platform. Usage tracking ensures appropriate consumption of credential assets and auditability.
- In-Product Notifications, Interactive Help, and Analytics Collection
Includes optional features to assist you in using the product. Benefits include:
- New Venafi patch alerts for your specific version of Venafi Platform
- Real-time security notifications
- Interactive help and training guidance
- New features based on behavioral data
By enabling these features, you allow Venafi to collect usage information and user behavior that helps us improve usability and identify and implement new product features.
For more information, see Info: Usage Statistics and Analytic Data FAQ For 17.3.
- Automatic License Report Collection
To keep you informed regarding your license usage, Venafi Platform automatically submits an enhanced license report to Venafi on a weekly basis. License reporting occurs even if you opted out of license submission in 17.1 or 17.2.
For more information, see Info: License report changes FAQ for 17.3.
- Improved Usability with Identity Management in Aperture @27851
The Identity Overview page is updated in Aperture to show only applicable information about the user you are viewing. Classification of information is also updated so that the most important details are highlighted.
- Venafi Platform is now supported to run on Windows Server 2016
Venafi is planning on deprecating support for running on Windows Server 2008 R2 in 17.4. If you are planning on upgrading your Venafi Platform infrastructure, Windows Server 2016 is now fully supported. You can now choose to upgrade to Windows Server 2012 R2 or Windows Server 2016.