Software-update: Certify SSL Manager 6.0.5

Let's Encrypt is een initiatief om zoveel mogelijk sites https-ondersteuning te geven door gratis ssl-certificaten te verstrekken en de implementatie makkelijker te maken. De meeste tools hiervoor zijn echter alleen beschikbaar vanaf de commandline. Certify SSL Manager biedt een grafische interface voor het aanvragen en beheren van deze certificaten op Windows Servers met IIS. De ontwikkelaars hebben versie 6.0.6 uitgebracht en sinds versie 6.0 zijn de volgende veranderingen en verbeteringen aangebracht:

Certify SSL Manager 6.0.6

Fixes:

• Core [potential breaking change]: Revert default private key type to RSA256 with key size of 2048. Some popular apps like MS Exchange etc do not support ECDSA 256 keys. If you have previously used 6.x and have MS Exchange or other affected apps, please review your Default Key Type under Settings > General
• UI: Challenge configuration should mark item as modified when parameters change. Fix recursive challenge provider UI selection bug.
• UI: Import/Export should show as an option by default.
• DNS: Avoid acme-dns provider exception is API url not set.

Certify SSL Manager 6.0.5

Enhancements:

• UI: Show the last used CA under managed certificate status. This is useful if you are using multiple CAs or CA failover.
• UI: Additional settings to toggle External Certificate Managers, using Modern PFX Algorithms and default Private Key type.
• DNS: Deprecate additional built-in providers and defer to Posh-ACME versions instead.
• Core & UI: Add option in settings to renew certificates based on the percentage of overall certificate lifetime elapsed.
• Core: Add option to limit requested certificate lifetime under Certificate > Advanced > Signing & Security, where supported by CA.
• Core: Add renewal reason in logs explaining why an item is selected for renewal.

Fixes:

• Core and UI: Fixed incorrect next planned renewal date shown in UI depending on renewal mode selected under Settings.
• Core: Prevent exception if no matching CA account has been configured to match the certificate request.
• Core: Fix error reading IIS site list if site does not have a path set in config.
• Core: Additional validation checks for invalid Authority Tokens.
• Core: Ensure periodic certificate store cleanup uses preferred store type.
• Import/Export: Fix issue where PFX file remained encrypted after import. Added import overwrite option.
• UI: Prevent exception if selected item is deselected during save.
• Tasks: Fix intermediate chain export for Apache/nginx/hashicorp-vault to not include root.

Certify SSL Manager 6.0.4

Fixes:

• Installer: Fix versioning of various bundled Microsoft DLLs.
• Azure DNS: Fix issue where existing record would have challenge value appended rather than a new record entry being created, fix cleanup of TXT records.
• CA Failover: Improve selection of fallback CA choice where only 1 domain is included in cert.
• Data Stores: Fix UI issue that prevented switching back to original default data store after switching to a different data store.

Certify SSL Manager 6.0.3

Fixes:

• Installer: Update digital signature on executables & libraries. Cleanup additional artifacts from previous installs.

Certify SSL Manager 6.0.2

Fixes:

• DNS: restore credential "Test" functionality where supported.
• AutoUpdate: Fix issue where AutoUpdate script would download previous app version due to version string not being passed to API. Add Windows Event logging.
• Help: Fix issue where invalid help links would cause an exception when link clicked.

Certify SSL Manager 6.0.1

Enhancements:

• Tasks: Add new Deploy to Doppler task for storing certificate artifacts in Doppler SecretOps.

Fixes:

• SQLite: Improve error handling when a database file is locked.

Certify SSL Manager 6.0.0

Enhancements:

• Certify SSL Manager is now simply called Certify Certificate Manager
• Add support for STIR/SHAKEN (Secure Telephone Identity) certificates and add Martini Security (martinisecurity.com) as a built in CA.
• Automatic CA fallback/failover is now enabled for new installs by default and can be toggled under Settings > Certificate Authorities, just add multiple ACME accounts and the app will automatically switch to the next available CA if the current one is unavailable or failing.
• CA: Add Sectigo (EV,DV,OV ACME endpoints) as a built in CA option.
• Data Stores: optionally use MS SQL Server or PostgreSQL as the data store instead of SQLite, migrate data between stores.
• CLI: implement backup import/export options
• Core/UI: Improved support for managing many thousands of certs
• Core: Internal ACME CAs can now optionally connect using self-signed TLS
• Core: New certificate OCSP and ARI health checks twice per day, per certificate, to test for any required early renewal.
• Core: Use Anvil library for ACME support
• Accounts: add support for importing and exporting account details, account key rollover and optional account deactivation on delete.
• UI: Added turkish language support (thanks to Riza Emet)
• Tasks: New deployment task to Set Private Key permissions for specific account.
• Tasks: New task Update Port Binding for general TLS port binding updates.
• DNS: New Domeneshop and Infomaniak DNS providers via Posh-ACME
• DNS: New version of Microsoft Azure DNS provider.
• DNS: New Google Domains provider for DNS based ACME challenges.

Breaking Changes:

• CA: Let's Encrypt will now default to the ISRG Root X1 chain instead of the default expired DST Root CA X3 chain.
• Core: Private Keys now default to ECDSA 256 instead of RSA 2048
• Core: Installed root certificate no longer required for a successful PFX build.
• Tasks: Exclude root cert from default export for Apache, nginx and Generic Server fullchain option.
• Community Edition: Unlicensed version will manage up to 5 managed certificates.

Fixes:

• DNS: GoDaddy DNS provider fetch all result pages, fix default result page sizes
• UI: Changes to preferred chain were not being saved in account editor
• UI: Certificate Authority select resets if user changes to main settings tab
• UI: Fix challenge credentials reset to default item on refresh of credentials list