# Changelogs ## **R1964 (24-Apr-2026)** **Release Version: v2.8.3** This major release introduces new features as below: ### **What's New** **DCV Diagnostics with Regional Attempt Visibility:**\ Introduced detailed Domain Control Validation diagnostics including per-region attempt history, last attempt tracking, and deep failure insights via new APIs and UI views. **Cryptographic Bill of Materials (CBOM) & PQC Readiness:**\ End-to-end CBOM capability introduced with dashboards, exports, and a Post-Quantum Cryptography (PQC) registry to classify certificates as Classical, PQC, or Hybrid. **Hybrid Certificate Support:**\ Certificate ordering, issuance, discovery, and grading workflows now support hybrid (Classical + PQC) certificates with proper classification and display. **Database Certificate Discovery:**\ Discovery capabilities extended to scan and inventory certificates stored within databases. **DNS Connector Management (Cloudflare, Route 53, Azure DNS):**\ New DNS connector module with encrypted credential storage enabling automated DNS-01 validation and certificate deployment. **ACME Expansion to External CAs:**\ ACME protocol extended to DigiCert and Let’s Encrypt using RA/Bridge integration with DNS-based validation. **WAEP (Windows Auto Enrollment Protocol) Integration:**\ Support for Windows Auto Enrollment with template mapping, AD group validation, and Kerberos authentication. **MyID Protocol Integration:**\ Native MyID ACME connector support with multi-product mapping and improved revocation handling. **FortiGate & Palo Alto Deployment Enhancements:**\ Deployment configuration prefill and scheduled provisioning support for FortiGate and Palo Alto devices. **Organization KYC Renewal Workflow:**\ New workflow enables KYC renewal without recreating organization records. **CBOM & Database Discovery in Bot:**\ CERTInext Bot enhanced to support CBOM scanning and database discovery with centralized reporting. **Hybrid & PQC Discovery in Bot:**\ Bot now supports detection, classification, and grading of PQC and hybrid certificates. **Windows Service Mode for Bot:**\ Bot now supports MSI installation, silent deployment, and Windows service execution. ### **Enhancements** **LDAP Connector Improvements:**\ Live connection status visibility, enhanced search, confirmation prompts, and improved PDF/Excel exports. **Pending User Activation Resend:**\ Admins can resend activation emails with throttling and UI feedback. **API Advanced Search Enhancements:**\ Enhanced filtering and multi-criteria search in API/ACME management. **Kerberos Keytab Support for WAEP:**\ Added keytab-based authentication support for enterprise environments. **OCSP Auto-Provisioning:**\ OCSP responder certificates automatically created during Private CA setup. **Hexadecimal Serial Number Visibility:**\ Discovery, exports, and CA views now include uppercase hexadecimal serial numbers. **InCommon Integration Hardening:**\ Enhanced login/logout flows, SSL validity enforcement (199 days), co-branding, and consent handling. **ACME SaaS Enhancements:**\ Improved CA connector handling, product filtering, and ACME base URL configuration. **CMP & SCEP Improvements:**\ Enhanced revocation messaging, MAC validation, and improved compatibility with AD CS and non-AD CS systems. **Session Security Hardening:**\ Session fixation protection, IP binding, secure session handling, and TOTP integration. **PDF Engine Migration:**\ Migrated from iText to OpenPDF across platform for improved licensing and performance. **Bulk Import Performance Improvements:**\ Batch processing, compression, concurrency handling, and reporting enhancements. **Domain Component Handling Improvements:**\ Standardized DC attribute handling and normalization across certificate issuance. **Certificate Chain Handling Improvements:**\ Improved chain validation, ordering, and naming consistency. **Revoke API Enhancement:**\ RevokeOrder API now supports revocation using serial number or order number. **Email Localization Improvements:**\ Emails now follow account language settings with fallback handling. **CSR Workflow Enhancements:**\ Skip CSR support, validation improvements, and UI fixes. **Organization Form Improvements:**\ Input validation, sanitization, and UI enhancements. **Private CA Enhancements:**\ Support for additional extensions, path length, CRL flags, and CPS handling. **ECC Algorithm Normalization:**\ Standardized ECC naming across UI and backend. **CAA & Domain Validation Messaging Improvements:**\ Improved validation messaging with clear examples. **Discovery Query Optimization:**\ Improved performance using batched queries and optimized filtering. **Dashboard Accuracy Improvements:**\ Unified counting logic ensures consistency between dashboard and grid. **EJBCA Credential Handling Improvements:**\ Preserves credentials securely during updates. **SSO Usability Enhancements:**\ Improved validation, accessibility, and keyboard interactions. **Bot Provisioning Enhancements:**\ Improved defaults, sorting, UI behavior, and OS visibility. **SAML SLO & Federation Enhancements:**\ Improved Single Logout, metadata handling, and federation discovery. **Public API v2 Foundation:**\ Initial scaffolding introduced for next-generation public APIs. **Localization Enhancements:**\ Expanded translations and improved messaging across all supported languages. **Bot Enhancements (Discovery & Deployment):**\ Improved IIS binding, port scanning, database reachability, Nginx deployment, throttling, and tray UI. **Communication Server Email Integration:**\ Centralized email handling replacing legacy SMTP in Discovery API. **Runtime Optimization:**\ Reduced dependencies and improved system performance. ### **Scheduler Enhancements** **Issuer Visibility in Reminder Emails:**\ Certificate expiry and renewal emails now include issuing CA details. **Build & Dependency Improvements:**\ Removed iText dependency, improved build consistency, and optimized email rendering. ## **R1953 (14-Apr-2026)** **Release Version: v2.8.2** This major release introduces new features as below: ### **What's New** **SAML Single Logout (SLO) & Federation Metadata Support:**\ CERTInext now supports Single Logout and SP metadata publishing, enabling seamless federation with SAML-compliant identity providers. **MDQ-Based Federation Discovery:**\ Automatic identity provider discovery using MDQ protocol allows dynamic configuration of SAML integrations without manual setup. **ACME Expansion to External CAs:**\ ACME automation now supports DigiCert and Sectigo in addition to AD CS and Let’s Encrypt, enabling broader certificate automation. **LDAP / Active Directory Authentication:**\ Organizations can now authenticate users via LDAP/AD with group-to-role mapping, automatic provisioning, and scheduled synchronization. **CSR Parsing and Auto Prefill:**\ Certificate request forms now automatically extract and populate details from uploaded CSRs, reducing manual input. **Bulk User Import via Excel:**\ Administrators can import users in bulk using Excel templates with validation, role assignment, and automated onboarding. **Saved Search Filters:**\ Users can now save frequently used search criteria for faster access to audit logs and certificate views. **MyID Integration:**\ Integration with MyID enables certificate lifecycle operations with external identity-driven certificate authorities. ### **Enhancements** **InCommon Migration Improvements:**\ Data migration performance has been enhanced with batch processing, compression, and improved error handling. **Multi-Language Email Notifications:**\ Email communications now respect account language preferences (English, German, Spanish). **Agentless Deployment with WinRM Support:**\ Windows environments now support WinRM-based certificate deployment, improving automation for IIS and Windows servers. **Feature Flag Enhancements for On-Prem Deployments:**\ Enhanced configuration controls allow dynamic management of billing, CAPTCHA, DNS validation, and onboarding features. **Branding Update to CERTInext:**\ Complete transition from eMudhra/emSign branding to CERTInext across UI, emails, and communications. **Accessibility Improvements:**\ Enhanced navigation, semantic structure, and screen reader compatibility for improved usability. **Private PKI Form Enhancements:**\ Improved user experience with better placeholders, validation messages, and restored form states. **Low Balance Notifications:**\ Account balance alerts have been re-enabled to ensure uninterrupted certificate operations. ## **R1942 (31-Mar-2026)** **Release Version: v2.8.1** This major release introduces new features as below: ### **What's New** **External CA Integration in Certificate Requests:**\ CERTInext now supports DigiCert, Sectigo, AD CS, Let’s Encrypt, and EJBCA as certificate sources, enabling unified certificate lifecycle management across public and private CAs. **SAML & OIDC Enterprise SSO Support:**\ Support for SAML 2.0 and OpenID Connect has been added alongside Azure SSO, allowing seamless enterprise authentication with providers like Okta and other identity platforms. **Data Migration Tool (Sectigo/InCommon):**\ A new migration tool enables automated import of certificates, users, groups, and organizations into CERTInext with validation, preview reports, and audit tracking. **AD CS Integration via CERTInext Bot:**\ Microsoft AD CS integration is now supported through the CERTInext Bot using Certsrv, CertEnroll, and COM APIs, enabling full lifecycle management within enterprise PKI environments. **Expanded Protocol Support (CMP, SCEP, EST, ACME):**\ Industry-standard protocols are now integrated with AD CS and other CAs, enabling flexible certificate enrollment and lifecycle automation across diverse systems. **Discovery API v3 with JWT Authentication:**\ A new version of Discovery APIs consolidates operations into secure REST endpoints with JWT-based authentication and improved performance. **Vulnerability Scanning via CERTInext Bot:**\ CERTInext Bot now performs SSL/TLS vulnerability scans with grading (A–F), providing insights into certificate security posture. **DNSSEC and CAA Validation:**\ Enhanced domain validation includes DNSSEC verification and CAA record checks to ensure compliance with CA/B Forum requirements. **File Server Integration for Certificate Storage:**\ Certificate artifacts and CSRs can now be stored on centralized file servers, supporting large-scale enterprise deployments. ### **Enhancements** **Agentless and Agent-Based Provisioning Unified:**\ Bot configuration now supports both agent-based and agentless modes within a single unified interface. **Bulk Provisioning Mode Selection:**\ Bulk provisioning workflows now allow selection between agent-based and agentless deployment modes. **EUR Currency and Multi-Currency Support:**\ Full support for Euro (€) alongside INR and USD across billing, pricing, and financial operations. **MariaDB Support Across Platform:**\ CERTInext now supports MariaDB as an alternative database to MySQL across all components. **RDP-Based Discovery Support:**\ Certificate discovery now includes Remote Desktop (RDP)-based scanning for Windows environments. **Post-Quantum Cryptography (PQC) Readiness:**\ Support for PQC algorithms has been introduced to prepare for future cryptographic standards. **Performance Improvements:**\ Thread pool optimization and asynchronous logging have been implemented to enhance platform performance and scalability. **Feature Flag Controls:**\ New feature flags allow dynamic enablement of DNS validation, pricing, retail visibility, and other deployment-specific features. ## R1924 (22-Feb-2026) **Release Version: v2.8.0** This release introduces new features as below: ### **What's New** **Enhanced Bot Statistics:**\ Bot statistics now include both **Discovery and Provisioning metrics**, providing improved visibility into bot performance and operational activities. **CA Connector Test and Save Validation:**\ Administrators can now test CA connector configurations before saving them, ensuring the connectors are correctly configured and reducing integration errors. **Product-Based Custom Field Mapping:**\ Custom fields can now be mapped directly to specific certificate products, allowing organizations to capture product-specific information during certificate request workflows. **Improved Custom Field Display for PKI Products:**\ Custom fields configured during PKI product profile creation are now displayed under **Certificate Information**, while the remaining fields continue to appear under **Additional Information**, maintaining existing behavior. **Default Custom Fields and Auto Refund Configuration:**\ Custom fields and the **Auto Refund within 30 days of certificate revocation** option are now enabled by default for all self-onboarded accounts. **Agent-Based and Agentless Bot Differentiation:**\ The Bot Configuration page now clearly differentiates between **Agent-Based and Agentless Bot approaches**, improving clarity during bot setup and configuration. **Technical Point of Contact Role Definition:**\ The responsibilities and role of the **Technical Point of Contact (TPOC)** are now clearly defined across the platform for better operational management. **Euro Currency Support:**\ CERTInext now supports **Euro (€) currency**, allowing organizations to manage billing and transactions in European currency. **CERTInext Bot as a Service:**\ The CERTInext Bot now runs as a **system service**, ensuring continuous execution and improved operational reliability. ### **Enhancements** **Integration Execution via Bot:**\ Integrations such as **F5, AWS, and other supported platforms** now operate through the CERTInext Bot instead of directly through the CERTInext application, improving network isolation and deployment flexibility. **Bot Log Visibility in the UI:**\ The CERTInext Bot now pushes log files to the platform, allowing administrators to view and monitor bot logs directly within the user interface. **Improved Bot Data Storage Location:**\ Bot-related data, including the SQLite database and operational files, are now stored under **Program Data** instead of user profile App Data, ensuring better system stability. **Placeholder and Field Text Improvements:**\ All placeholders across the platform have been reviewed and updated to improve clarity and consistency. **Server-Side Validation Enhancements:**\ Comprehensive server-side validations have been implemented to ensure improved data accuracy and platform reliability. **Field Length Validation Improvements:**\ Proper field length validations have been introduced wherever applicable to prevent data inconsistencies. **Removal of CommServer Dependency:**\ The platform no longer depends on CommServer APIs. Email and SMS services are now handled internally within CERTInext. **Removal of IP Server Dependency:**\ Dependency on IP Server APIs has been removed, with the related implementations now handled internally. ### **Security Updates** **VAPT Issue Resolution:**\ All vulnerabilities identified during the **Digital Age VAPT assessment** have been addressed to improve platform security. **Environment Variable and Log4j Improvements:**\ Environment variable handling and Log4j configurations have been reviewed and implemented across all projects to strengthen platform security. **Cloudflare Turnstile Implementation:**\ Cloudflare Turnstile has been implemented to replace **Google reCAPTCHA**, improving privacy compliance and authentication security. ### **Certificate Lifecycle Enhancements** **Suspend and Revoke for CA and End Entity Certificates:**\ Administrators can now suspend and revoke both **Certificate Authority certificates and End Entity certificates**, enabling better certificate lifecycle management. ### **Dynamic Application Behavior for On-Premise Deployments** **Back-office Finance Handling:**\ Back-office systems now dynamically handle finance and account-related features based on deployment configurations. **Self-Onboarding Configuration:**\ Self-onboarding functionality can now be dynamically enabled or disabled based on deployment settings. **Dynamic Login Page Banner:**\ The login screen banner content can now be configured dynamically depending on the deployment environment. **Dashboard Configuration Improvements:**\ Dashboard components now dynamically adapt to handle **pricing, domains, organizations, and related configurations**. **Configurable CAPTCHA on Login Page:**\ Image-based CAPTCHA can now be enabled on the login page based on deployment configuration. **Group-Level Domain and Organization Management:**\ Domains and organizations are now handled within groups to provide improved hierarchical management. **Finance Handling Across Platform Components:**\ Financial workflows are now consistently handled across **the application, APIs, and supported protocols**. **CLM Module Enabled by Default:**\ The Certificate Lifecycle Management (CLM) module is now enabled by default in on-premise deployments. **Enhanced Certificate Request Workflow:**\ The certificate request workflow now supports **KYC document uploads, Skip CSR option, and DNS type selection (Internal or External)** for improved flexibility. ## R1859 (14-Dec-2025) This major release introduces new features as below: > #### What's New * **Public Links for Certificate Requests (Public & Private PKI):**\ Users can now generate and share public request links for both Public and Private PKI certificate products, enabling easy request collection without portal access. * **Basic Authentication for Public Links:**\ A new authentication layer adds security to public request links, ensuring only authorized users can initiate certificate requests. * **Fortigate, Palo Alto & Kubernetes Integrations:**\ CERTInext now supports integrated workflows for Fortigate, Palo Alto, and Kubernetes environments, enhancing automated deployment and certificate onboarding. * **OIDC SSO Integration (Okta & Azure):**\ Single Sign-On via OIDC is now available with Okta and Azure, offering seamless and secure login experiences for enterprise users. * **Expanded Protocol Support (Public & Private PKI):**\ Support for ACME, SCEP, EST, and CMP protocols has been added, enabling flexible automation across diverse infrastructure environments. * **Bulk Operations Enhancements:**\ Users can now submit private PKI orders in bulk, approve multiple requests at once, and perform bulk downloads of certificates or PFX files for all supported products. * **Request Certificates Without CSR (Private PKI):**\ Private PKI users can now generate certificates without uploading a CSR; the system automatically provides a ready-to-use PFX file. * **OAuth2 Support for REST APIs:**\ REST API integrations now support OAuth2 for improved security, token-based access, and easier enterprise adoption. * **Enhanced Discovery & Provisioning:**\ Discovery and provisioning have been isolated for improved performance, with a revamped Bot creation page supporting script and GPO-based automation. * **Flexible Bot Configuration (Individual & Bulk):**\ Bots and certificates can now be configured individually or in bulk, allowing overrides and rapid adjustments across large deployments. * **Multi-Server Certificate Mapping:**\ A single certificate can now be mapped to multiple servers, improving reuse and simplifying deployment strategies. * **Improved Scan & Bot Status Separation:**\ Scan status is now completely isolated from Bot status, offering more accurate reporting and troubleshooting clarity. * **Flexible Certificate Deployment Options:**\ During deployment, users may choose between an existing certificate or request a new one, based on operational needs. * **HTTP-Based DCV via Bot:**\ When the Bot has access to the web-root directory, it can automatically complete HTTP-based DCV (emSign-supported only). * **Renewal & Deployment Scheduler for Provisioning Bots:**\ A new scheduler automates renewal and deployment tasks for provisioning Bots, reducing manual intervention. * **Revamped Vulnerability Scanning:**\ Vulnerability scanning for certificate connections has been enhanced to provide deeper insights and more actionable results. * **Bulk Pause and Resume for Bots:**\ Bots can now be paused, resumed, or reactivated in bulk, making large-scale operational control more efficient. * **Rollback and Retry Certificate Deployment:**\ Deployment failures can now be rolled back and reattempted, improving reliability and minimizing downtime. * **Deployment Validation (Manual/Automatic):**\ CERTInext now supports both manual and automated validation to confirm successful certificate deployment. * **Database Certificate Discovery & Deployment:**\ The platform now supports certificate discovery and deployment for database servers, expanding automation coverage. * **Subscription & Auto-Renewal Options:**\ New yearly subscription models and automatic renewal features have been introduced for continuous service availability. * **Auto-Mapping of Provisioning Bots:**\ Provisioning Bots can now auto-map based on the IP address where a certificate is detected, improving automation accuracy. * **Bulk Certificate Import for Monitoring:**\ Users can import large batches of certificates for monitoring, simplifying onboarding for existing infrastructures. * **App Server Auto-Detection:**\ Bots can automatically detect application servers and their configuration paths, reducing manual setup. * **Alerts for Failed Provisioning:**\ New alerts notify users when provisioning operations fail, enabling quicker troubleshooting and resolution. * **Advanced Bot Performance Configuration:**\ Administrators can configure throttling settings, threads, and batch processing parameters directly in the Bot configuration file. * **Detailed Certificate History:**\ Each certificate now includes a comprehensive history of all actions performed, offering full traceability and auditability. * **Agentless Bot Discovery & Provisioning:**\ Agentless Bots now support cross-platform discovery and provisioning, including Windows-to-Linux and Windows-to-Windows operations. #### Enhancements * **Skip CSR for Private PKI Products:**\ Private PKI users can now generate certificates without uploading a CSR, allowing the system to automatically create key material and issue a ready-to-use certificate package. * **Custom Extensions for Private PKI Products:**\ Administrators can now configure custom certificate extensions for Private PKI products, enabling advanced use cases and compliance-driven certificate customization. * **Platform Localization for German and Spanish:**\ CERTInext now supports full UI localization in German and Spanish, offering a native experience for multilingual teams and global deployments. * **Bundled Module Views for Simplified Navigation:**\ Related modules are now grouped into unified pages such as Orders + Organizations + Domains + Public Links, Private CAs + Products, combined API interfaces (REST, ACME, CMP, EST), Statements + Invoices, and consolidated User/Role management. * **UI/UX Enhancements Across the Platform:**\ A new color theme, support for light/dark modes, sortable grid columns, advanced search, Toastr notifications, collapsible PKI trees, redesigned product profile pages, updated action button layouts, and improved date formatting deliver a cleaner, modernized user experience. * **Discovery: Delete and Re-Discover Certificates:**\ Discovered certificates can now be deleted from inventory, allowing them to be re-discovered on future scans for improved lifecycle management. * **Security Updates & Technology Upgrades:**\ CERTInext now runs on Java 21, Bootstrap 5.3, and updated security libraries, along with architectural refinements that strengthen platform performance and reliability. * **Certificate Authorities: Download All Certificates or Full Chain:**\ Users can now download individual CA certificates or complete certificate chains directly from the Certificate Authorities section. * **Certificate Authorities: Quick Actions for Suspend, Activate & Revoke:**\ Suspend, activate, and revoke actions are now available as quick actions, improving administrative efficiency. * **Certificate Authorities: CRL Download Support:**\ CRLs can now be downloaded directly from the CA configuration page for operational and compliance purposes. * **Private PKI Products: Quick Action Suspend/Activate:**\ Administrators can now suspend or reactivate Private PKI products using quick actions, streamlining product lifecycle control. * **Private PKI Products: Regex-Based Field Validation:**\ Regex-based validation is now available for product fields, ensuring standardized input formats and reducing configuration errors. * **Custom Roles: Expanded Permission Set:**\ Additional permissions have been introduced for custom roles, offering finer control over access and operations. * **Renewal Reminder for Private PKI Certificates:**\ Private PKI certificate renewals are now included in the reminder system, ensuring timely action and continuous certificate availability. * **IP Address Field Support for Private PKI:**\ IP address–based fields are now available in Private PKI configurations, expanding usability for network-specific deployments. * **Subnet-Based Discovery:**\ Discovery jobs now support subnet-based scanning, improving visibility across distributed environments. * **Dashboard Enhancements for Certificate Activity:**\ New bar graphs display expiring certificates and total certificates issued, aligned with order activity for clearer operational insights. * **Database SSL Certificate Discovery & Provisioning:**\ The platform now supports SSL certificate discovery and provisioning for database servers, extending automation to additional infrastructure layers. * **User Access Restrictions via Tags:**\ Users can now be restricted based on assigned tags, providing granular access control across large organizations. * **Partner/Sub-Partner Pricing Flexibility:**\ Partner and sub-partner prices for products can now exceed the eMudhra base price, supporting reseller-specific pricing models. ## R1619 (07-Apr-2025) This release introduces new features as below **What's New** * \ **Group level - Deduct from Account Balance** **- Auto Approval option:** In the Account Configurations, if Auto Approval of certificate is checked, the system automatically approves and deducts the certificate amount from the main account balance without needing manual approval of certificates. * **CRL for Private PKI (Vanity CDP):** For better user experience, a Vanity CDP (Certificate Distribution Point) URL allows to customize the URL where the CRL is hosted. Instead of using a generic URL. * **CERTInext - Edit Private PKI Product/Template:** This feature would allow users to edit and customize Private PKI (Public Key Infrastructure) products or templates. * **Port Range-Based Scan for Webserver (SSL):** This feature allows users to define a port range for scanning when performing SSL/TLS certificate scans on web servers. * **Discovery and deployment with Cloudflare:** The CERTInext Hub, now has provision to discover and deploy certificates through Cloudflare. The existing SSL certificates can be discovered and deployed with new configurations through Cloudflare's API. * **Option to discard Auto Save / On hold orders:** The CERTInext Hub users can manually discard or delete orders that are automatically saved or placed on hold, allowing users to manage the orders more efficiently by removing irrelevant or outdated orders from their view. And, excluding the auto-saved or on-hold organizations from the dashboard count to improve clarity and reduce clutter. ## R1591 (10-Mar-2025) This release introduces new features as below:. **What's New** * **Anytime credit withdrawal from wallet:** This feature is added to allow users to withdraw funds from their wallet. User requests for withdrawal and raise a request, the request is processed form emSign backoffice and funds are credited to CERTInext user bank account. * **Discovered Certificates - Option to restore ignored certificates:** If any of the discovered certificates are ignored, users now have the option to restore them if needed. This feature gives users more control over which certificates should be considered, even if they were initially ignored for some reason. * **File system discovery - Ability to select/specify adjacent and/or subfolder options:** The file system discovery feature has been enhanced to allow users to specify adjacent and/or subfolder options during the scan process. This includes adjacent folders or subfolders that should be included in the scan. * **Partner & Sub-partner Group model:** A partner can create Groups and assign user to those groups with the role as Sub-Account User. The billing & payments, certificate approval is based on the account configuration for the individual groups. ## R1581 (28-Feb-2025) This release introduces new features as below:. **What's New** * \ **CERTInext Account-level configuration to enable/disable Interim DV Certificate generation:** This feature provides administrators with the ability to enable or disable the generation of Interim DV Certificates for OV and EV certificates. * **Option to deactivate an account user on the CERTInext platform:** Administrators can now deactivate specific users within the CERTInext platform. * **CERTInext Support for SSL Certificate deployment on HTTP Servers:** CERTInext now supports the deployment of SSL certificates directly to HTTP servers. This enhances the platform’s capability to handle secure communications and ensures that web applications can easily implement HTTPS for improved security. * **CERTInext** **Custom Roles** **module with granular permission control and user mapping:** A new "**Custom Roles**" tab has been introduced in Users module, allowing administrators to create highly custom user roles with precise permissions. * **CERTInext Policy OID validation for Private PKI products:** The system now validates the Object Identifier (OID) for policies related to Private Public Key Infrastructure (PKI) products. This ensures that the policies assigned to certificates comply with standards, helping to avoid errors and improving overall certificate management within private infrastructures. ## R1591 (10-Mar-2025) This release introduces new features as below:. **What's New** * **Anytime credit withdrawal from wallet:** This feature is added to allow users to withdraw funds from their wallet. User requests for withdrawal and raise a request, the request is processed form emSign backoffice and funds are credited to CERTInext user bank account. * **Discovered Certificates - Option to restore ignored certificates:** If any of the discovered certificates are ignored, users now have the option to restore them if needed. This feature gives users more control over which certificates should be considered, even if they were initially ignored for some reason. * **File system discovery - Ability to select/specify adjacent and/or subfolder options:** The file system discovery feature has been enhanced to allow users to specify adjacent and/or subfolder options during the scan process. This includes adjacent folders or subfolders that should be included in the scan. * **Partner & Sub-partner Group model:** A partner can create Groups and assign user to those groups with the role as Sub-Account User. The billing & payments, certificate approval is based on the account configuration for the individual groups. ## R1553 (31-Jan-2025) This release introduces new features as below:. **What's New** * **Consent Management System:** Consent Management System (CMS) will be implemented to manage user consent and compliance requirements. The system will collect, store, and track user consent for certificate issuance, data processing, and certificate renewals. To meet regulatory requirements and other privacy laws. Provides users with the ability to review, modify, or withdraw consent, ensuring transparent management of personal data. * **Akamai Discovery and Deployment (CPS + Origin Server):** Discovery and Deployment for Akamai will include the setup for the Certificate Provisioning System (CPS) and Origin Servers across different environments. * CPS Discovery: The system will automatically discover Akamai's CPS for seamless integration with CERTInext. * Akamai Origin Server Discovery: Identify and track origin servers that handle content delivery in Akamai's CDN, ensuring proper certificate application. * **AWS ECM (Enterprise Certificate Management)** will be integrated into CERTInext, enabling discovery and deployment of certificates within Amazon Web Services (AWS). Identify and track certificates issued and used within the AWS environment. * **Discovery and Deployment via Connector Bot:** Connector Bot will automate the discovery and deployment of certificates and keys across different environments and pushes it to the Requestor. * Discovery: Automatically scans the network and identifies all certificate stores, keystores, and other endpoints that require certificates. * Deployment: Automatically deploy certificates to target systems, ensuring consistent and up-to-date certificate management. * **CA Discovery:** CA (Certificate Authority) Discovery will allow CERTInext to automatically discover all active certificate authorities (CAs) within the organization. This ensures all issued certificates, whether internal or from third-party providers, are tracked and managed within CERTInext. * **JKS (Java KeyStore) Discovery:** Identify and manage certificates stored in JKS. JKS Management facilitates discovery of keystore files for certificate renewal, replacement, and revocation. * **Protocol Support (SCEP / EST / CMP):** Protocol Support will include SCEP (Simple Certificate Enrollment Protocol), EST (Enrollment over Secure Transport), and CMP (Certificate Management Protocol) to manage certificate issuance and lifecycle across various endpoints: * SCEP: Commonly used in environments like mobile devices and network devices for automated certificate enrollment. * EST: A more secure version of SCEP, used to ensure encrypted communication between devices and CAs. * CMP: Used in highly secure environments for complex certificate management workflows. * **File System Discovery – Key Store File (Certificates & Keys):** File System Discovery will help CERTInext scan the file system for keystore files, which may contain private keys and certificates. Files such as PKCS12 (.pkcs12) or Java KeyStores (.jks) will be identified, enabling the import, management, and tracking of certificates stored outside centralized systems. This is critical for environments where certificates and keys are stored locally or in custom key storage solutions. * CERTInext – New Partner & Sub-Partner Flow and Commission Model * Partner Onboarding: A simplified and structured process for adding new partners and sub-partners to the CERTInext platform. * Roles & Permissions: Partners and sub-partners will have distinct roles and permissions to manage certificates and associated processes. * Commission Model: * Tiered Commission Structure: Partners can earn commissions based on the discount percentage given to the Sub-partners. * Automation: The commission process is automated to avoid manual calculations, providing a transparent and real-time overview of earnings. * **Vulnerability Ratings in Discovered Certificates Excel:** When exporting certificate discovery data (e.g., to Excel), CERTInext will include vulnerability ratings for each discovered certificate. This feature will help identify certificates with known vulnerabilities or security risks. * **Monthly Invoicing:** CERTInext will support monthly generation of invoices for certificate services, tracking usage, and subscription charges over the course of the month. This will make the invoicing process more efficient and aligned with monthly billing cycles. This feature is based on permission provided in emSign backoffice. ## R1522 (31-Dec-2024) This release introduces new features as below:. **What's New** * **Auto-Save as Draft:** User input at each stage of certificate ordering will automatically be saved, preventing data loss during the process. * **Payment Options (Credit and Pay Now):** Users have two payment options for certificate orders: * **Credit balance:** Payment can be made using available credit in the user's account. * **Pay Now:** Payment via online payment methods (e.g., credit/debit card, bank transfer). * **Custom Field for Private PKI Certificates:** Users can create custom fields that will appear on certificates, providing flexibility for private public key infrastructure (PKI) certificates. * **Billing & Invoicing:** Accounts that previously used "On-Top up" billing are now switched to On-utilization billing. Invoices will now be generated for each certificate order. * **emSign Retail Platform Module:** * **New Pages:** Additional pages have been added. * **Summary:** A summary of the emSign platform account or order details. * **Requesting Certificate:** A page to view the certificate request process. * **Enrollment Renewals:** A page to view renewing certificates or managing enrollment. * **Provisioning:** A page to view for handling the provisioning of certificates. * **Region-based Pricing:** Prices are now displayed according to the user's region, detected through the IP address. This ensures that users see relevant pricing for their location. ## R1490 (29-Nov-2024) This release introduces new features as below:. **What's New** * **Autocomplete Subscriber Agreement (Validation Agent Portal):** When a document is manually uploaded for EV pre-vetting orders, the subscriber agreement will now be auto completed in the Validation Agent portal. This should streamline the process of completing the necessary legal and compliance steps for extended validation certificates. * **Different Certificate Download Formats:** Users can now download certificates in various formats, giving them flexibility depending on their system requirements: * **DER Encoded Binary X.509 (.CER):** A binary format commonly used for certificate files. * **Base-64 Encoded X.509 (.CER):** A base-64 encoded version of the DER format, which is suitable for web applications or email transmission. * **Base-64 Encoded X.509 (.CRT):** Similar to the .CER format, but sometimes used for different certificate types or services. * **Zip:** A compressed file format that may contain multiple certificates or related files. * **emSign Retail - Multi-Year Subscription for EV Products:** There is now the option to subscribe for multi-year periods (1, 2, or 3 years) for EV (Extended Validation) products. This option allows users to secure EV certificates for a longer duration upfront. ## R1490 (29-Nov-2024) This release introduces new features as below:. **What's New** * **Certificate Provisioning Platform Charges:** Platform charges are now applied automatically with each auto deployment of a certificate. This means that every time a certificate is automatically provisioned or deployed, a configured fee is levied, ensuring the platform charges align with usage. * **Discover SMIME via Azure AD:** There is now a feature to discover SMIME (Secure/Multipurpose Internet Mail Extensions) certificates through Azure Active Directory (Azure AD). This enables seamless integration and discovery of SMIME certificates within the Azure environment, which are used for secure email communication. * **Discover Certificates Manual Import:** A manual import option has been added, allowing users to import certificates manually and handle the provisioning of these certificates. This feature provides more flexibility for certificate management, particularly when dealing with certificates not automatically discovered or issued by the platform. * **Tags-based Search for Discovered Certificates:** Users can now search for discovered certificates using tags that they have specified. This feature will make it easier to filter and locate certificates based on custom tags, which could be related to usage, type, or other metadata. * **Orders Report (Advanced Search):** An advanced search capability is now available in the Orders Report section. Users can filter orders based on various criteria such as: * **Groups:** Search by groups of users or certificate types. * **Order Status:** Filter based on the current state of the order (e.g., pending, completed). * **Certificate Status:** Filter based on the status of the certificate (e.g., valid, expired, revoked). * **emSign Retail:** * **Cart Implementation:** A cart functionality has been added, allowing users to select and add products (presumably certificates or related services) to a shopping cart and proceed to checkout. This introduces a more intuitive e-commerce experience for users. * **Currency Handling Based on IP Address:** The platform now handles currency based on the user’s IP address, automatically displaying the correct currency for their region. This provides a localized experience for users across different countries. ## R1427 (27-Sep-2024) This release introduces new features, including DSC-based login, advanced certificate discovery and management options, enhanced bot capabilities, and improved billing and reporting functionalities. **What's New** * **DSC-Based Login**: A new login mechanism using Digital Signature Certificates (DSC) is now available, offering a more secure way to access the platform and ensuring enhanced authentication for critical operations. * **Discover Certificates**: A comprehensive set of key actions can now be performed on certificates discovered via Bots such as Rotate, Rekey, Revoke, Suspend, Reinstate, Initiate, Order and Deploy.. * **CT Logs Monitoring**: Enhanced monitoring of Certificate Transparency (CT) logs for better certificate lifecycle management. * **CSR Templates**: Easily create and manage Certificate Signing Request (CSR) templates to streamline certificate requests. * **Provisioning Templates**: Simplify and automate certificate provisioning with pre-configured templates. * **Bots Capability To Discover via multiple Sources**: New support for scanning and discovering certificates across various environments, including SSL, HSM, LDAP, File Systems, Certificate Stores, Cloud Providers (AWS), and SSH. * **Bots Provisioning Capabilities To Multiple Servers**: Expanded provisioning capabilities to multiple server types, including Tomcat, JBoss, Jetty, WebLogic, Nginx, FTP, SFTP, LDAP, Certificate Store, and IIS. * **Manage Keys**: Added functionality to create new key pairs (both Asymmetric & Symmetric) for enhanced security and cryptographic operations. * **Key Profiles**: Users can now create and manage key profiles, improving the organization and security of their key infrastructure. * **Key Store**: Support for new key storage solutions, providing more options for secure key management. * **Generating Proforma Invoices**: Simplified process for generating Proforma Invoices directly within the platform. * **Group-level credit management**: Group-level credit management now available, allowing for easier tracking of financial transactions across multiple accounts. * **Reports**: Added new reports such as Overall Statistics Report, Certificates Report, Key Store Report and Key Reports to effectively track and manage. * **Manage Schedules**: Ability to create and manage scheduler tasks, allowing for automated certificate and key management workflows. * **CA Connectors**: Seamless integration with emSign, emCA, Microsoft PKI, and DigiCert to streamline the certificate issuance and management process. * **CSR Related Weak Debian / ROCA / FERMAT Validation**: Improved validation mechanisms to detect weak CSRs generated on Debian systems and prevent vulnerabilities related to ROCA and FERMAT. * **Group-Level Product Enablement**: Products can now be enabled and managed at the group level, providing more granular control over user access and product usage. ## R1371 (02-Aug-2024) This release introduces Invoicing upgrades for international invoices. **What's New** * **Upgraded Billing Entity for International invoices:** All the international invoices are billed under 'eMudhra DMCC' billing entity instead of 'eMudhra Inc'. With this change in effect, 5% VAT (Value Added Tax) will be included based on the order value, applicable only for UAE customers/partners. ## R1354 (16-Jul-2024) This release introduces Multi-year Subscription support for EV SSL certificates, SSL Subscription Start and End Date information within SSL invoices and strengthening Build-Your-Own Enterprise CA with PQC algorithms support for long-term security. Additionally, we've made few enhancements to our current IGTF Host Private trust offering at par with industry standards, enhanced order viewing experience and few API updates. **What's New** * **Multi-year EV Subscription SSL**: Enterprises and Resellers can now avail Subscription-based SSL/TLS through our ordering form for Multi-year EV SSL subscription (up to 3 Years). This comes with multi-year EV SSL Invoice & auto-reissue support before 30/60 days of certificate expiry. * **Subscription Start & End Date within SSL invoices**: Added support for a new invoicing option 'Invoicing at the time of certificate issuance' alongside our existing invoicing options. This helps enterprises to see SSL Subscription Start Date & End Date within the invoice copy of DV/OV/EV SSL orders. To avail this flexibility or to switch to this new option, please contact your Account Manager. * **PQC Algorithms Support under Private Trust**: Added support for Post Quantum Cryptography (PQC) algorithms to strengthen Build-Your-Own Enterprise CA for longer security. This includes DILITHIUM, FALCON & SPHINCSPlus algorithms. Please note that, the final standards for Post-Quantum Cryptography by NIST (National Institute of Standards and Technology) are still under standardization. ## R1300 (23-May-2024) This release introduces emSign CertHub platform support for on-premise deployment alongside our existing cloud offering. This update empowers enterprises to choose the deployment model that best suits their needs, whether it's in the cloud or on their own infrastructure. **What's New** * **On-Premise Deployment Option**: Enterprises now have the flexibility to deploy our platform on-premise, allowing for greater control. * **API Layer Integration**: We've rebuilt the platform with a robust API layer, enabling seamless integration with database and other functions. > **Enhancements** * **Removal of Purchase Orders feature:** Purchase Orders feature has been removed from emSign CertHub platform. For any support regarding PO-based credits allocation/payment status tracking, please contact your Account Manager. * **CSR**: Added support for ECC (Elliptic Curve Cryptography) key algorithm in the SSL certificate ordering form. ECC keys provides enhanced security with smaller key sizes. ## R1251 (04-Apr-2024) This release brings advanced DNS configuration capabilities in Groups (Business Units) feature to meet enterprise-specific requirements. Additionally, we've enhanced enterprise account settings to exclude pre-verified organization representative from receiving the order related email notifications & minor API enhancements. > **What's New** * **Permit & Restrict specific DNS capabilities:** Introducing Permit & Restrict DNS (and few more) capabilities under Groups feature within the platform. This helps the enterprise admin to specify the domains in multiple groups (business units) based on the needs and to limit the users of the respective group to use the allowed domains while ordering the certificates. This option is applicable for both public trust (SSL/TLS) and Private trust (IGTF/others) certificate ordering via portal and REST APIs. * **Group-wise Report:** Enterprise Admin users can now get a detailed group-wise permitted and restricted domains excel report for the complete visibility of their business units within their enterprise. > **Enhancements** * **Enhanced enterprise account settings:** Added an ability to exclude the pre-verified organization representative from receiving all the order email notifications. This option simplifies the SSL OV ordering process by eliminating repetitive email notifications to the organization representatives (CFO or similar). * Minor enhancements in REST APIs. ## R1230 (14-Mar-2024) In this release, we've renamed the branding/logo to **emSign CertHub**, introduced new SMIME offerings for individuals, professionals and organizations, pre-vetting support for SMIME & Voucher Codes. Additionally, it includes new single-step ordering experience and other enhancements. > **What's New** * **emSign Hub is now emSign CertHub:** Refreshing the branding/logo of our platform to CertHub for clear communication/brand positioning as a certificate management platform. * **New emSign SMIME IV-S, SV-S & OV-S Offerings:** Introducing emSign SMIME Individual Validated certificates for individuals, Sponsor Validated certificates for professionals & Organization Validated certificates for organizations/entities to secure their email communications. Strict S/MIME profiles comes with EKU limited to Email Protection, and stricter use of Certificate Subject attributes & other extensions. Resellers and Enterprises can now avail these offerings with 1/2 year certificate validity. * **Pre-vetting Support for SMIME:** Now get emSign SMIME certificates instantly without repetition of Organization Validation (OV) & Email Domain Control Validation. This allows enterprises to quickly provision SMIME certificates to their users/employees to enhance email security. * **Introducing Voucher Codes in emSign CertHub:** Now you can redeem vouchers for a free credit to begin. For more information, please contact your Account Manager. > **Enhancements** * **Enhanced Support for Certificate Ordering:** Now in a single step, Customers can seamlessly order any number of certificates. Our dedicated support team takes care of filling your certificate ordering form and you receive an email confirmation for your review and payment. Pay Online & complete your ordering process. * **Simplified SMIME Mailbox Validated Ordering Experience:** Added an ability to provide the Subscriber Agreement consent within the ordering form. This helps to speed up the certificate issuance, avoiding repetitive email notifications. Applicable for IV, SV & OV SMIME offerings as well. ## R1196 (09-Feb-2024) This release introduces EV Pre-vetting support feature to simplify SSL certificate management, In-Platform EV Certificate requests approval feature for EV Certificate Approvers, Re-use of pre-verified EV organizations in OV SSL orders & Enhanced Support for New Customers. Additionally, it includes advancements in Private PKI feature with an ability to attach KYC Documents for IGTF Host certificates, improved SSL EV ordering experience, and few other enhancements. > **What's New** * **In-Platform EV Approval feature:** EV Certificate Approvers can now approve multiple SSL/TLS EV certificate requests on behalf of their organization within the emSign CertHub platform. This helps to simplify approval processes with our new in-platform approval feature, complementing email notifications. To access this feature, Certificate Approver should be an account user within their enterprise account. * **EV Pre-vetting Support:** Introducing Organization Pre-vetting support for SSL/TLS EV certificate requests by leveraging most of the previously verified information. This helps enterprises to re-use EV organization in the ordering form and quickly get the EV certificates with minimum verification requirements and customer pending actions such as DCV, Online Subscriber Agreement Acceptance by an authorized Contract Signer and few more. * **Re-use of pre-verified EV organizations in OV SSL orders:** Added an ability to re-use EV organizations in OV certificates as a pre-vetted organization. This helps enterprises to get instant OV certificates on demand. * **Enhanced Support for New Customers:** Once you onboard yourself through emSign CertHub Sign up form, your account manager will receive instant notifications about your account. This helps enabling your account manager to promptly assist you with platform usage & pricing queries. > **Enhancements** * **KYC Documents feature in IGTF Host offering:** Added an ability to optionally attach KYC documents within the IGTF Host certificate ordering flow for the ease of certificate issuance. This helps Enterprise Administrators to review the submitted KYC documents and approve the certificate requests. This option is also available to use in other Private PKI certificate offerings. * **Simplified Organization Management:** Added 'Validation For' column as an identifier to easily track 'OV' pre-verified organizations and 'EV & OV' pre-verified organizations. * **Improved SSL EV ordering experience**: emSign CertHub customers can now provide the information of Contract Signer and Certificate Approver within the EV ordering form. This helps enterprises with an ability to specify one individual as Contract Signer and another as Certificate Approver to meet your specific requirements. ## R1167 (11-Jan-2024) In this release, we've enhanced our Single Sub-domain SSL ordering experience, Certificate Renewal reminder functionality-related improvements, and Simplified Billing Information including Invoice updates. Additionally, we've enhanced the Expiring Certificates report for better reporting. > **What's New** * **Set Certificate Renewal Reminder Frequency:** Enterprise Administrators can now set certificate renewal reminder frequency (Before 90 days of expiry, etc.) for better customer experience. This option is readily available as part of Account Configuration settings within the emSign CertHub platform. * **Turn Off Notifications:** Added ability to Turn Off the certificate renewal reminders even for selected orders. Additionally, this release brings renewal reminder usage improvements which will help you to automatically stop receiving the renewal reminders as soon as you renew your certificates. This flexibility is enabled for SSL/TLS & other certificates. > **Enhancements** * **Enhanced Single Sub-domain Ordering experience:** We've enhanced our Single Sub-domain SSL/TLS ordering experience in this release. This helps to effectively re-use the validation of pre-verified base domains for its sub-domains. This will help you to get instant certificates for your sub-domains without repetition of DCV for each sub-domain. * **Simplified Billing Information:** PAN field is now 'optional' in Billing Information, applicable for Indian customers. This field is mandated only for billing transactions above Rs. 2 Lakh. * **Improved Expiring Certificates Report:** Added more information in the Expiring Certificates Excel report for better reporting. * **Invoice Updates:** Automated Invoice process improvements without PAN for handling Government enterprise use cases. * **Customized Email Templates:** Customized email templates to meet Reseller-specific requirements. ## R1152 (27-Dec-2023) In this release, we've enhanced our Enterprise & Reseller Sign Up forms with Mobile Number field for effective communication. Additionally, we've enhanced the organization view experience with minor improvements. > **Enhancements** * **Mobile Number field in Sign Up forms:** Added 'Mobile Number' field in Enterprise & Reseller Sign Up forms, applicable only for Indian customers. This additional information helps your account manager to contact you for any platform usage & pricing queries. * **Updated Organization View Experience:** Refreshed the 'Organizations' page to instantly view the verified organization KYC information. This helps to effectively re-use the pre-verified organization information in future certificate requests. ## R1139 (14-Dec-2023) This release introduces a Subscription-based SSL feature to simplify SSL certificate management including multi-year invoice support, Certificate Discovery feature via CT Logs (Certificate Transparency) for pre-verified domains to identify all public-facing SSL certificates. Additionally, it includes advancements in Private PKI feature with new IGTF Host certificate offerings under emSign Private Trust, an improved SSL multi-domain ordering experience, and various other enhancements. > **What's New** * **Discovery via CT Logs:** We are introducing a new certificate discovery feature, Monitor CT Log for pre-verified domains to discover all the public-facing SSL certificates of each domain and manage everything via a centralized certificate results interface. Added ability to automatically discover any new certificates. * **Subscription SSL:** You can now avail Subscription-based SSL/TLS through our ordering form wizard for a Multi-year SSL subscription. This comes with multi-year SSL Invoice & auto-reissue support. * **Auto-reissue SSL:** Automatically reissue the SSL certificates with the ability to choose the auto-reissue interval (before 30 days, etc.) and keep receiving the re-issuance reminder notifications to expedite customer pending actions and instant download of new SSL certificate. * **New Private PKI Offerings:** This release brings certain Private PKI advancements with a new IGTF Host Certificate offering under emSign Private Trust. * **Order Status Tracking URL for Private PKI Certificates:** Added ability to track the order status of emSign Private PKI certificates (IntranetSSL & many more). * **Enterprise Admin Checklist & Approval:** We've made a few tweaks and a bit of fine-tuning to make the Private PKI certificate ordering even easier to use. This includes enterprise administrator checklist & approval configuration. * **Track SSL Subscription:** Efficiently manage & track your SSL subscription validity in the order details interface. > **Enhancements** * **Enhanced SSL Multi-domain ordering experience:** Refreshed 'SSL Multi-domain Ordering form wizard' with an option to select No. of domains and see the SSL pricing up-front for better user experience. * **Expiring Certificates Report:** Users can now see the "Export to Excel" option to generate a report with detailed certificate expiry statistics. ## R1124 (29-Nov-2023) The latest release includes an automatic order cancellation feature for all emSign certificates to address compliance issues, along with minor enhancements to the ordering form. > **What's New** * **Automatic Order Cancellation Changes:** We've made enhancements to automatically cancel even the orders which are marked as discrepancy and pending for customer actions from 90 days. ## R1115 (20-Nov-2023) This release introduces an automatic credit refund within 30 days for certificate revocation, Includes support details in order-related emails to facilitate communication based on account configuration, and incorporates minor improvements for reusing the organization consent token in the ordering form. > **What's New** * **30-day Revocation Refund:** Amount will be credited to Account / Group if the certificate is revoked within 30 days from the ordered date. If this feature is not available in your account, please contact your Account Manager. * **Custom Email Templates:** Added ability to add the support contact details (Name, Email & Phone) configured at account configuration which will be applicable for all the order related email notifications. ## R1101 (06-Nov-2023) This release introduces the Reuse of domains for DV orders, reminders for certificate renewal notifications to facilitate renewal decision-making, Streamlined Order Approval process by Account Administrator for the requests submitted by Standard User & Basic User Roles, and the inclusion of GSTIN in Invoices. > **What's New** * **Reuse of Domains for DV Orders:** New Domains entered & validated via emSign DV Orders Account level to avoid repetitive DCV. These domains can also be reused during certificate reissuances. * **PII Data Encryption:** Encrypted the Personally Identifiable Information towards data privacy. * **Certificate Renewal Notification:** Added ability to enable/disable the certificate renewal notifications at the account configuration level for the decision making. This option helps users to stop receiving renewal email reminders about expiring certificates. * **Billing information in emSign Hub:** Now supports GSTIN / VAT field for the purpose of invoicing. > **Enhancements** * **Order Approvals by Administrator**: We've made a few tweaks and a bit of fine-tuning to streamline the order approval process by account administrator if the request is submitted by account users with following roles: Standard User & Basic User roles. This change is common for both Resellers and Enterprises. * **Invoice Changes:** Revamped 'Invoice changes' for better user experience which included GSTIN no, PO reference No. & ability to view SSL domain name within the invoice. ## R1075 (11-Oct-2023) This release introduces in-built TLS Discovery feature via emSign Bot to scan & discover all SSL/TLS certificates, Reissue Certificate feature to facilitate self-reissuance at free of cost, Add/Remove SAN quick action for addition/removal of SANs (domains) to streamline the certificate lifecycle, incorporated minor enhancements (such as Identifier information) in all order email notifications for improved tracking and user experience, and includes various other flow updates. > **What's New** * **TLS Discovery Via Bots:** We are introducing in-built TLS Discovery feature via emSign bot that helps to scan the network based on the defined targets to discover & monitor all the SSL - TLS certificates irrespective of the issuer CA. It gives holistic view of certificates used across the enterprise in a single interface. * **Reissue Certificate:** We are introducing a new reissue certificate feature for all the certificates, Add / Remove SANs for all SSL UCC products for ease of self-reissuance. Users can any easily add/remove domains(SANs) at any point of time for easy certificate lifecycle management & get a new SSL certificate. * **Reissuance Order Tracking:** Add the ability to track & monitor the re-issuance orders at the original order level to check the history. * **OV Certificates via ACME:** ACME protocol now supports SSL OV certificate issuance towards the automation of SSL/TLS processes. We've added the ability to generate EAB Credentials for OV certificates to use it in your ACME clients of choice and get OV certificates instantly. * **Certificate Pricing updates:** This release brings certain pricing updates for SSL & SMIME products, Additional domains pricing. Similar update has been made at Sub-accounts pricing features. > **Enhancements** * **Orders:** Revamped the 'Orders' page by including the 'Certificate Status' column in the report for better user experience. This helps to track the revoked certificates, ready-to-download certificates, etc. * **Email Notification Updates:** We've made a few tweaks and a bit of fine-tuning to the Inclusion of identifier in order email notifications, certificate status in orders report for better tracking & certificate status visibility. ## R1062 (28-Sep-2023) This release introduces an automatic order cancellation feature for all emSign certificates to address compliance issues, along with minor enhancements to the ordering form. > **Enhancements** * **Automatic Order Cancellation:** emSign will automatically cancel all the pending orders after 90 days from the ordered date if any actions are pending from customer. This is to ensure timely order management & quick certificate validation. ## R1046 (12-Sep-2023) This release introduces improvements to the Credit Note feature for cancelled orders which includes ability to capture detailed cancellation reason information. It also includes enhancements to the Order Report with an ability to export and see all the Custom Order Fields information. > **Enhancements** * **Credit Note improvements:** Now Cancel Order feature supports Credit note Type & Reason field to capture the detailed order cancellation information. * **Orders Report improvements:** Refreshed 'Order Report' Excel with an option to view Custom Order fields as for a better user experience. Users can generate an excel report with all the custom field information. ## R1039 (05-Sep-2023) This release introduces a custom field feature, empowering account administrators to configure their custom order fields. It enhances the ordering flow by incorporating custom fields for improved usability and efficient order management. Additionally, it includes the ability to add additional email recipients for notifying order-related communications, account-wide additional certificate renewal email recipients to send renewal reminders, and several other enhancements in the orders report and billing information to enhance usability. > **What's New** * **Free DV via ACME:** Now get free DV via ACME. * **Custom Fields:** We are introducing a new custom fields feature that will allow the administrator to add specific data with pre-defined data types. These custom fields allow you to add for your certificate order forms. If this feature is not available in your account, please contact your Account Manager. * **Ordering flow with custom fields:** Added ability to use custom fields as part of order form under additional information for capturing the additional information for better tracking. Addition of custom order fields to simplify record-keeping and order management efficient. * **Additional Email Recipients for Order Notifications:** This release brings inclusion of 'Additional Email Recipients' in the ordering form under additional information. This option allows users to add the email addresses for notifying all the order-related communications. * **Configure Account-wide certificate renewal email addresses:** This release brings the inclusion of 'Configure Account-wide certificate renewal email addresses' configuration under Account Settings. This option allows administrators to configure the additional email recipients for notifying certificate renewal reminders to all the expiring certificates purchased from the respective account. * **Configure Group-level certificate renewal email addresses:** This release brings the inclusion of 'Configure certificate renewal email addresses' option under groups. This option allows administrators to configure the group email addresses for notifying certificate renewal reminders to all the expiring certificates associated to the respective group. * **CSR Generator link in Certificate Ordering:** You can now download the eMudhra CSR Generator Tool as part of the ordering form for CSR generation. > **Enhancements** * **Orders Report Enhancements:** Added Custom Fields based Advanced Search & Inclusion of Custom fields information in excel. * **Billing Information:** Now supports 'Mobile Number' & PAN fields (only for India) as mandatory under Account Billing Information for the purpose of invoicing. * **Billing Information Alerts for Sub Accounts:** Refreshed billing information alerts in 'Dashboard' for sub-accounts for better usage & understanding. This change is applicable in case of 'Bill to Sub Account'. ## R1031 (28-Aug-2023) Introducing a new emSign SMIME simple certificate in this release, a mailbox-validated simple certificate with 1 and 2 years of validity. This certificate enhances email security through digital signing and encryption, safeguarding your communications. > **What's New** * **New emSign SMIME - Simple MV-S Certificate Offering via New Request:** We are introducing a new emSign - SMIME - Simple MV-S which will secure your email communications. It is a mail box validated certificate & certificate issuance will be fully automatic. This email certificate helps you to Prevent tampering, Ensure message privacy and keep sensitive info private. It is a mailbox-validated certificate. ## R1024 (21-Aug-2023) The release enhances the Hub Dashboard displaying entire account data by default for improved tracking. All keyboard characters are now accepted (System-wide) to guarantee a consistent and error-free platform. Additionally, Improvised ordering form to pre-fill the Domain Name from the submitted CSR information to reduce manual efforts. > **Enhancements** * **Dashboard:** Added ability to show the entire account data by default in a dashboard for ease of tracking which shows quick statistics of Orders, Certificate Requests, Users, Organizations, Domains, Sub-accounts & Order status. Additionally, the user can filter out the data with the other available time intervals. * **All Keyboard Characters:** Added ability to accept all the keyboard characters throughout the platform for ensuring a consistent and efficient user experience throughout the entire application for error free. * **Domain Name from CSR:** Improvised ordering form to pre-fill the Domain Name from the submitted CSR information to reduce manual efforts of entering the domain value for every order. ## 1001 (29-Jul-2023) In this release, we are excited to announce the launch of our new emSign Hub platform, an upgraded version of emPower portal. emSign Hub is an unified platform for all your digital certificate needs. It is an advanced system to get your SSL/TLS & also provides access to the complete range of offerings within the emSign portfolio. The platform is easy to use, self-service enabled online system accessible at [hub.emsign.com](https://hub.emsign.com/). This versatile platform caters to resellers, enterprises and online customers, enabling them to embrace digital transformation products offered by emSign in a self-managed fashion, with free access to a comprehensive set of product features. > **What's New** * **Account Sign up & Sign In**: Added 'Enterprise Sign up' & 'Reseller Sign up' forms to create an online emSign Hub account. Ability to Sign-in with your email ID following an email OTP or Password. * **Multi-account association**: Flexibility of multi-account association with single user credentials to avoid maintaining multiple account credentials. * **M365 SSO Login:** Integrate with your enterprise single sign-on, powered by M365. * **Two-Factor Authentication (2FA):** Added an ability to enforce Two-Factor Authentication (2FA) as an additional layer of security. Account Administrator can configure this under account settings. * **Dashboard:** Added an enlightening dashboard for you to track and access your account data & insights such as Account Users, Track Orders, Account Manager Details, etc. Information visibility in the dashboard may differ as per your user role (Administrator / Finance Manager / Basic User etc.) within the respective account. Quick links availability in dashboard for ease of navigation. * **Request Certificates:** Certificate Ordering Wizard with a fresh look and feel interface for quick certificate request submission & ordering. * **Intranet SSL:** Intranet SSL certificate offering for all customers. This allows you to secure your internal server names, localhost, reserved IP addresses. * **Efficient Order Management**: Easy & Efficient Order Management Actions includes Track Order Status, Download Invoice, Download Certificate Recall Order, Revoke Certificate, Cancel Order & Many More in a single interface. * **Monitor Expiring Certificates**: Added 'Expiring Certificates' to track & monitor your expiring certificates and access to early-renewal to eliminate the risk of website outages caused by expired certificates. * **Pre-vetting of Organizations & Domains**: You can add & oversee Organizations & Domains in your account. These Pre-verified Organizations & Domains helps users to get instant certificates on demand without repetition of verification. * **Integration / automation capabilities**: REST APIs for integration with your existing applications & ACME protocol support. * **Finances:** Easily top up your account by adding funds online using any credit card. It also supports offline payments. * **Invoices:** The ability to track and download all invoices in one-single interface. This allows you to view the invoices with your search preferences. * **Ledger Statement:** A detailed top-up & transaction history view of credits and debits within your account. This helps to keep a track of your account funds. * **User Roles**: Role-Based Access Control (RBAC) within your account for enterprise security. * **Add User:** You can add users and assign them designated privileges according to the needs of your enterprise. * **Invite Users:** You can invite users to simplify user on boarding. Users will receive an user invitation link to self-enrol and activate their user account. * **Add Groups:** Added 'Groups' feature to simplify the enterprise management, which can be the internal departments, or the projects, or business units, etc. This helps in grouping the users, allocating funds, and managing certificates with exclusive and protected access. If this feature is not available in your account, please contact your Account Manager. * **Sub Accounts for Resellers**: Added ability to on board & manage Sub-Enterprises/Sub-Resellers with Reseller-choice billing model. If this feature is not available in your account, please contact your Account Manager. * **Reports:** Added Reports for various business & financial usage tracking purposes. Ability to export the data has been added. * **Audit Logs**: Added 'Audit Logs' to monitor and track all the user activities across the account. * **Account Settings**: Added 'Account Settings' to set portal language preferences, email notification language, low balance alerts, notification email addresses & many more. * **IP Restrictions for account users**: Added 'IP Restrictions' to enforce the IP restriction rules for account users to limit access of your business data & transactions. * **Private CA**: We've added state of the art Private PKI service. It's an Administrator-specific feature that enables to Build Your Own CA concept with complete flexibility. * **Private PKI Products**: The ability to add their own Private PKI product with customized certificate template based on their operational requirements and get end entity certificates in a seamless manner. * **eMudhra Certificate Utility Tool**: This tool can help you to easily generate CSR (Certificate Signing Request) for SSL/TLS & S/MIME certificates. * **eMudhra emSign Click Tool**: This tool can help you to download the certificate in a qualified-hardware. It also supports Soft token based download. Supported in Windows 7, Ubuntu & Mac operating systems. * **Various Email Notifications:** Ability to receive email notifications about orders & account related activities --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.certinext.io/changelog/readme.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.