Ask or search…

Change Log


2.7 - February 2024

SCEPman 2.7.1052

  • Fixed an issue with generating the Root CA in new installations of SCEPman.

SCEPman 2.7.1049

  • Support storing certificates enrolled via Intune in the Storage Account for easier searching.
  • SCEPman's EST endpoint allows certificate renewal using mTLS ("simplereenroll"). This is useful for unmanaged devices like web servers and Linux clients.
  • Device certificates enrolled via Intune can now contain any Subject, as long as they have a URI in the Subject Alternative Name in the format IntuneDeviceId://{{DeviceId}}.
  • SCEPman can use a User-Assigned Managed Identity instead of a System-Assigned Managed Identity. This is useful for large geo-redundant deployments, where you do not want to configure the System-assigned Managed Identity on all instances.
  • Fixes and small improvements, including:
    • Automatic analysis of OCSP responses with performance issues

Certificate Master 2.7.705

  • Fixed a case of a broken view of manually revoked certificates enrolled via Intune.

Certificate Master 2.7.702

  • Show certificates enrolled via Intune from the Storage Account.
  • When downloading certificates in PFX format, you can select whether to use a modern cryptographic algorithm required for example by OpenSSL 2.x or a legacy algorithm required by MacOS and Windows Server 2016.
  • Small improvements, including:
    • Improved performance for large numbers of certificates in the database
    • Logging to Azure Event Hub like SCEPman
    • Document Signing Certificates
    • Adjustable PFX password length with a default of 24 instead of 32 characters for increased compatibility

2.6 - November 2023

SCEPman 2.6.945

  • Logging to Azure Event Hub
  • Library Updates, including the update to Azure.Identity 1.10.3, fixing CVE-2023-36414. Currently, the exploit is not publicly disclosed, so the scope of the issue is unclear, but the published information indicates that SCEPman is likely not affected.
  • Robustness for various special cases

Certificate Master 2.6.586

  • Select Extended Key Usages for each certificate
  • Library Updates, including the update to Azure.Identity 1.10.3, fixing CVE-2023-36414. Currently, the exploit is not publicly disclosed, so the scope of the issue is unclear, but the published information indicates that Certificate Master is likely not affected.
  • Small UI improvements

2.5 - July 2023

SCEPman 2.5.895

  • Bugfix: OCSP Responses encoded GeneralizedTime with fraction of seconds, which is not compliant to RFC 5280, Section and caused some clients to reject the OCSP response (we know about Checkpoint).

SCEPman 2.5.892

Certificate Master 2.5.542

  • Improvement/fix for displaying Intune certificates

Certificate Master 2.5.516

  • Download certificates + private keys in PEM format
  • Revocation audit trail
  • Library Updates
  • Minor bugfixes and improvements, including
    • UI search button bugfix
    • Prevent double submissions of CSRs
    • Algorithms with improved compatibility (e.g. AES and SHA-256 for PKCS#12 CertBags)

2.4 - April 2023

SCEPman 2.4.772

Certificate Master 2.4.445

  • Form to request Code Signing certificates
  • Form to request Sub CA certificates, e.g. for Firewalls that inspect TLS traffic
  • Form to manually request user certificates for Client Authentication, e.g. on websites
  • UI optimizations
  • Library and Framework updates, including .NET 7
  • Minor bugfixes and improvements, including:
    • In some cases, revoked Intune certificates were still display in the list of Intune certificates
    • Hide Intune certificates that are not issued by SCEPman
    • Certificates for Jamf devices could show up as "Unknown" in the list of Jamf certificates

2.3 - January 2023

SCEPman 2.3.723

  • Store certificates issued via Jamf, Static, Static-AAD, and DC endpoints in Storage Account (and allow manual revocation in Certificate Master)
  • Partial support of ECC CAs
  • Better error messages on some faults
  • Improvements to compliance checks
    • An additional extension better suppresses usage of ephemeral certificates on Windows
    • An additional SCEP endpoint for Apple devices prevents issuance of ephemeral certificates
  • Fake CDP endpoint for cases where a CRL is technically required (the CRL contains no entries yet, though)
  • Minor bugfixes/improvements

Certificate Master 2.3.327

2.2 - October 2022

  • Improved installation experience

SCEPman 2.2.631

SCEPman Certificate Master 2.2.282

  • UI improvements
  • Additional certificate file formats for Certificate Master
  • Certificate Master lists issued client certificates for manual revocation (requires an additional permission for which you must re-run the SCEPman configuration script)
  • Library updates

2.1.522 - May 2022

2.0.473 - March 2022

1.9.207 - July 2021

1.8.155 - June 2021

1.7.140 - June 2021

1.7.122 - June 2021

  • Bugfix regarding OCSP checks for certificates issued via JAMF

1.7.101 - May 2021

1.6.465 - January 2021

  • Bugfix where some OCSP requests were unanswered
  • Bugfix impacting local logging

1.6.455 - November 2020

1.5 - July 2020

  • Key Usage, Extended Key Usage, and validity period configured in the request (i.e. in Intune)
  • Improved performance when answering certificate and OCSP requests

1.4 - Mai 2020

  • Performance enhancements
  • Bug fixing

1.3 - October 2019

  • Support for Authentication-Only user certificates (VPN, Wifi, network) in addition to device certificates.
  • Support for Intune blade certificate list

1.2 - 2019

  • Changed Log component

1.1 - 2019

  • Support for SAN Attributes
  • Sanity Checks
  • First release of Community Edition

1.0 - 2019

  • Initial release