CertAccord™ Enterprise 8.0 Delivers More Enterprise Automation of Certificate Management at Scale
CertAccord Enterprise 8.0 by Revocent, Inc., now generally available, features Automatic Product Updates, Automatic Certificate Applier™ Distribution, Multiple Active Directory Domain support, Enterprise File Permission Configuration for Certificates, and many other improvements.
This release builds on CertAccord Enterprise’s robust platform to bridge Microsoft ADCS Certificate Authorities with Linux and MacOS end-points to deliver fully automated X.509 certificate provisioning, configuration, and renewal. CertAccord Enterprise goes even further in allowing the “last mile” integration of certificates directly with the consuming applications. The Certificate Applier technology built into CertAccord Enterprise allows customers to automate the configuration of there applications which consume X.509 certificates. This release further improves the Certificate Applier experience by providing automatic updates of Certificate Appliers on end-points.
Major New Features
Automatic Product Updates: The CertAccord Enterprise Server now downloads product updates from Revocent over the Internet. This supports Automatic Updates of Agents running 8.0 or later (see Release Notes for limitations) and Notification via Email and CertAccord Management Console when updates to CertAccord Enterprise Server are available.
Multiple AD Domains: Multiple Active Directory Domains may now be configured in CertAccord Management Console (CMC).
Automatic Certificate Applier Distribution: Certificate Appliers(tm) can be added to the CMC which will then distribute the Applier to Agents. Previously Appliers had to be distributed via customer management systems like Ansible and Chef.
Certificate Purpose File Permissions: Each Certificate Purpose can be configured with file permissions for Certificate, Key, and Properties files. Each permission set supports Unix (Linux/Mac) and Windows based file permissions. These permissions are distributed from the CAB to Agents as part of the normal Certificate Purpose sync done when an Agent checks in with its CAB. This features allows customers to configure file permissions in a central location (the CertAccord Management Console) without the need for creating and distributing /etc/cmb/fileaccess/*.access files.
Implement fix for Microsoft KB5014754 change to require strong mapping between user certificates and AD accounts. Certificate Purpose now supports the “SID Enabled” attribute. When this is enabled and the certificate identifies a user, then the user’s Active Directory SID (Security Identifier) will be included in the certificate in a manner compatible with KB5014754.
More Information
For more information about new features and known issues, please see the Release Notes available for download. Existing customers with support can upgrade for free by downloading the update. An updated license is required and can be obtained at no additional cost by contacting Technical Support.
Deprecation of Version 7.x
CertAccord Enterprise 7.x releases will no longer be supported effective Aug 1, 2025.
About Revocent and CertAccord Enterprise
Founded in 2015, Revocent provides innovative PKI products to organizations of all sizes worldwide. The company’s premier CertAccord Enterprise product provides X.509 certificate automation to enable customers to extend their existing Microsoft Enterprise CA to Linux and Mac platforms. Full life-cycle management of certificates allows customers to significantly reduce ongoing labor costs, improve security, and simplify their PKI.
CertAccord Enterprise allows Linux, MacOS, and Windows (including non-AD joined) systems to easily create and install fully managed digital certificates. Integration with Active Directory is built in into CertAccord and does not require changing authentication systems at the OS (Linux) level. You can install CertAccord in hours – not months – without major changes to your existing PKI or AD environments.
The enrollment and fully automatic renewal of certificates from Microsoft ADCS on platforms such as Linux and MacOS significantly reduces costs and reduces risk of service outages from manual certificate creation. Automatic renewal of certificates significantly lowers cost and significantly reduces the risk of service outages.