Skip to content

Releases: Venafi/vcert

Various enhancements requested by Venafi customers

28 Apr 21:07
@vfidevbot vfidevbot
v4.19.0
0e7f101
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Various enhancements requested by Venafi customers
  • Added support for EC key type and curves for VaaS Issuing Template Recommended Settings.
  • Added support for Apple M1 chipset (i.e., "darwin arm64").
  • Added support for displaying the refresh_until value in the output of vcert getcred.
  • Added support for assigning contacts/owners by policy for TPP and VaaS using the users policy specification property.
c4695a3264b751b5b9e355903b1ba70018e3ad16  vcert_v4.19.0_darwin.zip
cfddea54f96567c8a101c8a4d5e8e87e7acb21ef  vcert_v4.19.0_darwin_arm.zip
d0f367cf38e5932f17f374f11947432f5c59f81b  vcert_v4.19.0_linux.zip
76f191e0de371bf4778a64c3b936a667e7fe74b8  vcert_v4.19.0_linux86.zip
a0c43004e0270d338c4b5f60b063330adfe456be  vcert_v4.19.0_windows.zip
7301675c552509e2983c8cc16877b8c981b20124  vcert_v4.19.0_windows86.zip
Assets 8
Loading

Ability to forbid Subject fields by policy for VaaS

22 Mar 17:28
@vfidevbot vfidevbot
v4.18.2
a5106d5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Ability to forbid Subject fields by policy for VaaS
  • Venafi as a Service users can specify a subject field is not allowed by setting it to an array with an empty string in the policy specification (i.e. [ "" ]).
f73a44ec51afe5d989f952e78777c7338443afdc  vcert_v4.18.2_darwin.zip
867e351890241f9aec1b4a0f86c0ef06d00bdffc  vcert_v4.18.2_linux.zip
c8c91abf52034a92e9d36f3ebf1493496843c8e9  vcert_v4.18.2_linux86.zip
dbda38a894b6e4cc180e9dc2fa0e99c4023773d0  vcert_v4.18.2_windows.zip
ff46238e5d8b4382516cb0780c7d4f6bb92a2510  vcert_v4.18.2_windows86.zip
Assets 7
Loading

Allow RSA 3072 key size for VaaS policy

14 Mar 23:40
@vfidevbot vfidevbot
v4.18.1
6314ec7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Allow RSA 3072 key size for VaaS policy
  • Removed restriction against RSA 3072 when creating a new policy on VaaS.
  • Updated readme files.
b07340a0f35a5c7040075fbc43b3842465d3167a  vcert_v4.18.1_darwin.zip
83b55ae6110d6891e921e59ce9e1aa7c80d9a545  vcert_v4.18.1_linux.zip
ff6659879139efcde955c02620453d4de1861134  vcert_v4.18.1_linux86.zip
98c7681e0d70bf794fe034e6171e10936ca70d6d  vcert_v4.18.1_windows.zip
cbd5d9ffd014bc3d6fc55279ef7d1d7fdd98448a  vcert_v4.18.1_windows86.zip
Assets 7
Loading

Support for SAN and EC keys on variables

14 Mar 20:09
@vfidevbot vfidevbot
v4.18.0
1079628
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Support for SAN and EC keys on variables
  • Added support for specifying SANs: ip, uri, email on policy specification and for requesting certificates on VaaS.
  • Added support for specifying EC key on policy specification and for requesting certificates with CSR service generated using EC keys on VaaS
92b6291b25968fb4358df4eef6ea38400669a617  vcert_v4.18.0_darwin.zip
66d2d119ddc51b024650187a5717add0d1921ebf  vcert_v4.18.0_linux.zip
dbacad2fb476ee7a85d2f8c2631dbe6bb8e30e19  vcert_v4.18.0_linux86.zip
acc89835bbcc5de795318469f6e18be57e37a5f3  vcert_v4.18.0_windows.zip
804347416b5acf0c1de48185efc2c3fe0d73d878  vcert_v4.18.0_windows86.zip
Assets 7
Loading

VCert API Additions

23 Feb 22:10
@vfidevbot vfidevbot
v4.17.1
4176e6f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
VCert API Additions
  • Implementation of methods for getting tpp certificate meta data.
  • Implementation of methods to enable vssh tool.
ac7cfcccb4b63cfe69fea15f84607850847c2a4c  vcert_v4.17.1_darwin.zip
f1cfff4eb22f9f110d105917228a18352dba0c51  vcert_v4.17.1_linux.zip
935c4890987b7df5c1c0a11a11cf2d8a60ba7200  vcert_v4.17.1_linux86.zip
f2d3d468c8ad39978295290aeec7b645b8afe6c4  vcert_v4.17.1_windows.zip
c074c14e4c5cecb5d1e530d60711003d717ce5ce  vcert_v4.17.1_windows86.zip
Assets 7
Loading

Transition private keys from PKCS#1 to PKCS#8

12 Jan 18:08
@vfidevbot vfidevbot
v4.17.0
2cc08f3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Transition private keys from PKCS#1 to PKCS#8

PLEASE READ BEFORE UPGRADING TO THIS VERSION (OR HIGHER)

  • Private keys are now output in PKCS#8 format by default with --csr local and --csr service options.
  • --format legacy-pem was added so users can still get private keys in the deprecated PKCS#1 format for legacy applications.
  • Added prescriptive error message when certificates are requested from Trust Protection Platform using --csr service that the private key PBE (password-based encryption) algorithm policy needs to be set to either "SHA1 3DES" or "SHA256 AES256".
    ⚠️ This is a breaking change (upgrade issue) that was done in the interest of improved security
  • Note: the default PBE algorithm changed to "SHA256 AES256" in TPP 21.3 and would have had to have been reduced to "MD5 DES" in order to work with --csr service in previous versions of VCert
c8bae97dd0eacdc2175bca16bf8fbc2281d51da3  vcert_v4.17.0_darwin.zip
743d69d1240b61c81a05d15cee9afa4b3f96ffdf  vcert_v4.17.0_linux.zip
f281162664827830668fe1e507b25cbad2e2227f  vcert_v4.17.0_linux86.zip
c2317aa0cd5a71bf802df6e30aab4de3802203d1  vcert_v4.17.0_windows.zip
d0e0481c9dc39e1a52cd5f89a696f48bab94b6f1  vcert_v4.17.0_windows86.zip
Assets 7
Loading

Support for SSH Protect 21.4

01 Dec 18:48
@vfidevbot vfidevbot
v4.16.1
72db322
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Support for SSH Protect 21.4
  • Added support for latest changes on SSH Protect 21.4
a7f17a678bc61b72881c5fe7a21ebe6b6af786ad  vcert_v4.16.1_darwin.zip
fef0f44f4203d77d6c4e739704040065bbf3deef  vcert_v4.16.1_linux.zip
6a654ebda74df5b30b37315065ddcb84d3a7f9e8  vcert_v4.16.1_linux86.zip
8b4bc768c66ae953f9a8acd676020e7b86b7bcac  vcert_v4.16.1_windows.zip
5c6096cef91d7e4307b238ef82f8d7e517275d7a  vcert_v4.16.1_windows86.zip
Assets 7
Loading

Support for VaaS Automated Secure Keypair

17 Nov 00:15
@vfidevbot vfidevbot
v4.16.0
fa666c5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Support for VaaS Automated Secure Keypair
  • VCert CLI now supports --csr service when using Venafi as a Service.
03095011eb1f4be57738c9c2b46416ab0234bf6b  vcert_v4.16.0_darwin.zip
69a37c267b7fe3f307dc7a1300959eb36976a962  vcert_v4.16.0_linux.zip
a2f5fb462da36028de320c308631eaf6eade6517  vcert_v4.16.0_linux86.zip
c12f3b9ef18d078faef587ea9f0ff5ffcc270f9d  vcert_v4.16.0_windows.zip
6267c1f04597acb18ac8639a9d3c9f92e4e6ee93  vcert_v4.16.0_windows86.zip
Assets 7
Loading

Support for SSH Certificates

11 Oct 22:29
@vfidevbot vfidevbot
v4.15.2
67f8ad2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Support for SSH Certificates

Ends beta and completes support for SSH certificates issued using Trust Protection Platform 21.3 (and higher). New sshenroll, sshpickup, and sshgetconfig actions allow requesting and retrieving SSH certificates, and the public key for an SSH CA with VCert CLI. A token with the ssh:manage scope is required for this feature and can be obtained using the getcred action with the --ssh parameter (shorthand).

0c83870d6c17eb6ecc4c1ae9b7f4ef480469498b  vcert_v4.15.2_darwin.zip
f9a5424c0e2638f409f6eb75b50df4c81f6f6f72  vcert_v4.15.2_linux.zip
e1cd96df387f32aff45027ec980793c8ef955690  vcert_v4.15.2_linux86.zip
c27e6c63ce1601a73c6b76bf63afdfb30154e737  vcert_v4.15.2_windows.zip
17c4f3e9f19c68c7cecb319c92d39d2770e2bcd2  vcert_v4.15.2_windows86.zip
Assets 7
Loading

Minor fix for the Policy attribute "keyReuse"

26 Aug 21:31
@vfidevbot vfidevbot
v4.15.1
e826de8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Minor fix for the Policy attribute "keyReuse"

Removed keyReuse on recommended settings for policy create request on venafi cloud.

33b973fd175891aafa5e0dd106f57ef01e2453f5  vcert_v4.15.1_darwin.zip
64dfbb59d82398bf6946de9722435e4b9889b8f6  vcert_v4.15.1_linux.zip
68650bdb18a500592b510c331c5773797471bdcb  vcert_v4.15.1_linux86.zip
9b16c3e334ef63052cb4f98d41ccf4da4264170b  vcert_v4.15.1_windows.zip
e587f97a647b89bafe6f6c049d4dff36d86cdcfd  vcert_v4.15.1_windows86.zip
Assets 7
Loading