Info: Venafi Trust Protection Platform 16.2 is released


Venafi Trust Protection Platform 16.2

What's New




Delivers customized reports for TPP agent installation information. Agent location data is extracted from the Venafi platform to generate custom-created reports within Aperture. Administrators can select fields and criteria for a custom report, view reports on demand, or schedule report delivery on a daily, weekly, or monthly basis. 

Additionally, new enhancements allow for reporting on additional certificate installation details, such as host name, port, application (i.e., web server, load balancer, VPN gateway), IP address, and validation status. Customers can feel secure knowing their security team has deep visibility into their certificate environment to ensure solution effectiveness and audit readiness quickly and easily.



The new Venafi Adaptable CA Driver enables customers to optimize TPP for their preferred CA quickly and easily with a driver that customers and business partners can customize themselves to support any CA or any special CA feature.  This enables customers to enjoy an increased ROI with the ability to maximize their TPP investment with any CA anywhere with minimal programming expertise. The Symantec Managed PKI Service, sometimes referred to as “Magnum”, is included with the driver as a supported reference sample. 



This release contains significant performance improvements for SSH queue processing. This will greatly reduce the probability of deadlocks in the database, time required for background processing, and response to agents.

  1. Enhancement Requests Included in this Release

NOTE: Numbers starting with @ indicate the Enhancement Request number issued by

Identity Cache

To reduce lookups on an external identity system, e.g., Active Directory, TPP will temporarily cache query results so that subsequent queries can be pulled from the cache instead of going back to the identity system for subsequent lookups. (@2077)

Log Retention

Users no longer need to type in an SQL Query to delete/trim logs.  All they need to do is enter a number, e.g., 90 days, in order to set their log retention policy.  This can also be done via the Venafi Control Center during upgrade. (@13578)

Log WebSDK

There are now API methods for both posting logs as well as retrieving logs from the TPP Log Server. Methods are documented in the WebSDK Guide. (@18709) 

Default Email Templates

Users can now modify the FQDN of the URL used in links of default notifications without cloning and editing the notifications. It is done with new FQDN macros that are managed in the Platforms tree of the Web Admin Console. (@19739)

Custom Reports for Agents

“Agents” is a new data type available to the custom report framework within Aperture. Users can use filters to define queries, choose/order columns, and then save these preferences and schedule the delivery of the CSV or PDF report that displays registered agents. (@2105, @12651, @12557)

Identity Filtering

In Aperture, users can filter for certificates based on certificate contacts, certificate approvers, or identities stored in certificate custom fields. The filter does not support group resolution. (@2074, @19211, @19362)

Who Renewed and Installed a Certificate

Aperture and Web Admin now record, as an attribute, when “Renew Now” was clicked and by whom to enroll a certificate or to “Push” a certificate to an application object. These stored attributes are not visible in the User Interface, but are available to macros to be used to create and customize notifications for workflows and other notices that users may want to create or modify. (@19206, @9084, @3548, @2854, @17813, @15552, @5338, @13975, @19896, @8416, @7788, @18975, @15383)

Custom Certificate Reports Enhanced

There were several enhancements made to custom certificate reports that can be generated in Aperture. More columns are available and more filters are available to define queries. Nested data allows TPP to report where certificates are installed, especially multiple installations of the same certificate, by showing application/installation data. (@17975 @5808)

Network Discovery Priority

Users can modify the priority/order of Network Discovery Jobs in Aperture and the priority will be reflected even if the job is currently in progress. (@19461)

Adaptable Certificate Authority Integration Driver

Users now have the ability to write their own custom PowerShell scripts and natively integrate those scripts into TPP for certificate lifecycle processing (enrollment, renewal, revocation). Sample integration script is provided as well as thorough documentation.  Some enhancement requests for new CA Vendor integration are considered delivered by providing the functionality for customers, vendors, and Venafi Professional Services. It offers the ability to more easily write and maintain these integrations themselves.  (@14729, @18308, @18052, @18946, @9480, @8650, @5012, @5006, @3514)

Was this article helpful?
1 out of 1 found this helpful