This release has the following Certificate Manager known issues.

Error when taking certificates off hold (ATEAM-1445)

For certificates with Revocation Reason: On Hold, attempting to unhold the certificate may fail, or the Unhold option may be absent from the Actions dropdown.

Issues when changing the display order of custom fields (ATEAM-15463)

In the Custom Fields page of the web console, administrators can change the display order of the custom fields. However:

  • Reordering a custom field does not change the Display Order column value.
  • Refreshing the Custom Field page reverts all changes.

Workaround: After dragging a custom field to a different position, move the Ξ drag icon within its row to make the changes persistent.

Some endpoint filters display invalid results on report files (ATEAM-15933)

The following endpoint filters do not display correct results on the downloaded report files.

  • is empty
  • is not empty

Certificates without names not synced from source (ATEAM-16039)

Certificates without a name are not successfully synced from Sources.

Wildcard certificates not recorded (ATEAM-16436)

The application does not record wildcard certificates successfully scanned by the Discovery Scanner.

Wildcard certificates are certificates containing the wildcard asterisk in the issuer and subject. 

Buttons language not affected when switching language (ATEAM-16920)

Switching the language before logging in does not affect the language of the Delete and Cancel buttons in the Confirm Delete popup on the Destinations page.

Owner grid column not populated when accessing reports (ATEAM-16923)

The Owner grid column is not populated when accessing the Report Schedules from the Report Designer grid.

Workaround: Access the Report Schedules grid from the navigation bar.

The Verify button does not always trigger a verification (ATEAM-16950)

After the failed verification of a Destination, clicking Verify again does not trigger a new verification.

Workaround: Make any change in the create form – for example, change the Description.

The public key ID can refer to the private key ID (ATEAM-16982)

When issuing a certificate using the Key Manager (KMIP) destination, the public key ID is also referring to the private key ID

Error when selecting the Domains widget (ATEAM-16986)

When using a FIND license, selecting the Domains widget on the Dashboard displays the following error.

Unable to show information: Forbidden. This request is not allowed.

Archive certificates option missing with FIND licenses (ATEAM-16988)

When using a FIND license, the option to Archive certificates is missing in the Actions dropdown on the Certificates grid.

Incomplete CA certificate chain (ATEAM-16997)

When creating a new certificate, the downloaded chain only includes the certificate of the CA that issued the new certificate instead of including the entire chain.

Verification fails for IIS destinations (ATEAM-17030)

Verification fails for IIS destinations if the username includes a domain name – for example:

.\user
domain\user

Unexpected Error When Pushing Certificate to SFTP (ATEAM-18788)

Pushing a certificate to an SFTP destination may fail with an error message that includes the following:

Caused by: java.lang.UnsupportedOperationException

Workaround: This error may occur if the plugin manages an outdated hash of the destination SSH key. To resolve this issue, please follow these steps:

  1. Edit the SFTP destination as explained in Editing a destination.
  2. In the Edit dialog, click Verify to force an update of the destination SSH key hash.
  3. Ensure the hash displayed by the confirmation message matches the hash of the destination public SSH key. 
  4. Click Save to confirm the changes. 

Occasional blank page when renewing a Sectigo CA certificate (ATEAM-18799)

The Certificate Manager console may display a blank page when manually renewing a certificate issued by a Sectigo CA 

Workaround:

  1. Reload the page. 
  2. Repeat the renewal operation. 

Manual upgrade required for supporting Sectigo CA (ATEAM-18790)

Certificate Hub 4.2.0 does not support requesting certificates from a CA Gateway 3.2.0  instance integrated with a Sectigo CA.

Workaround:

  1. Log in to https://trustedcare.entrust.com
  2. Download the solutions installers with .sln extension for:
    • Certificate Manager 4.2.1
    • CA Gateway 3.2.1
  3. Copy these files to any Cryptographic Security Platform node – for example, using an SFTP client.
  4. Run the clusterctl solution upload to upload the solution files.
  5. Run the clusterctl solution deploy command to deploy the new Certificate Manager and CA Gateway versions.

"Weak Hash Algorithm" filter requires resetting before generating a report (ATEAM-18804)

When using the Preview button to export the contents of the Weak Hash Algorithm system report, the generated report file includes more certificates than just those with a weak hash algorithm.

Workaround:

  1. Log in to the user console of Certificate Manager.
  2. Navigate to Report > Designer.
  3. On the report grid, click on Weak Hash Algorithm.
  4. Display the filter menu for the Signing Algorithm column.
  5. Click Clear to remove all the filter settings. 
  6. Click the Update button.
  7. Set again the initial filter configuration: 

    Starts with

    sha1

    Or

    Starts with

    md

  8. Click the Update button.
  9. Click Preview to confirm the generated report only includes certificates matching the filter.