CertAccord™ Enterprise 7.0 Features Improved Machine Identity Certificate Provisioning
CertAccord Enterprise 7.0 by Revocent, Inc. provides improved automated deployments of X.509 Machine Identity Certificates between Microsoft ADCS PKI and Linux/Mac endpoints. Additionally this release features deeper integration with Microsoft ADCS with the support of certificate revocation and numerous improvements to the CertAccord Enterprise Management Console to improve ease of use and deliver additional functionality.
This release supports improved provisioning of Machine Identity Certificates by automating how the Subject Alternative Names (SANs) of an X.509 certificate are built. Subject Bindings in CertAccord now support the “Auto Add SAN from CNAME” flag. When this flag is enabled each DNS CNAME found for the endpoint will be added as a SAN entry. This powerful feature allows the information in DNS to be used to automate the machine identity certificate creation without having to manually create custom certificates for each machine.
Deeper integration with Microsoft Active Directory Certificate Services (ADCS) has been implemented with the support for certificate revocation. When certificates are deleted by CertAccord, such as when an endpoint is deleted, each certificate is now revoked with the issuing Certificate Authority (CA). Previously releases did not support certificate revocation.
The CertAccord Enterprise Management Console has been improved to eliminate confusing and unnecessary screens when editing settings such as Subject Bindings and Certificate Policy Bindings. These improvements simplify the editing process to make it more intuitive and less error prone. Viewing of detailed data has also been improved by adding separator lines between each label and its value.
The viewing and editing of LDAP settings has been improved in the Management Console to provide for long LDAP search base values. Editing of search base values is also more flexible now with the ability to change the order of search bases.
The installer for CertAccord Enterprise Server has been improved to recognize when an upgrade is being performed vs a first-time (full) installation. If an upgrade is detected the installer GUI will not prompt for all the first-time parameters. This saves significant time and reduces errors when upgrading the server.
For more information about new features and known issues, please see the Release Notes available for download. Existing customers with support can upgrade for free by downloading the update. An updated license is required and can be obtained at no additional cost by contacting Technical Support.
About Revocent and CertAccord Enterprise
Founded in 2015, Revocent provides innovative PKI products to organizations of all sizes worldwide. The company’s premier CertAccord Enterprise product provides X.509 certificate automation to enable customers to extend their existing Microsoft Enterprise CA to Linux, Mac, and UNIX platforms. Full life-cycle management of certificates allows customers to significantly reduce ongoing labor costs, improve security, and simplify their PKI.
CertAccord Enterprise allows Linux, MacOS X, Solaris, and Windows (including non-AD joined) systems to easily create and install fully managed digital certificates. Integration with Active Directory is built in into CertAccord and does not require changing authentication systems at the OS (Linux) level. You can install CertAccord in hours – not months – without major changes to your existing PKI or AD environments.
The enrollment and fully automatic renewal of certificates from Microsoft ADCS on platforms such as Linux and MacOS X significantly reduces costs and reduces risk of service outages from manual certificate creation. Automatic renewal of certificates significantly lowers cost and significantly reduces the risk of service outages.