Release 5.7.2
Smart Credential Revocation
The following enhancements have been made to revoke or hold certificates associated with smart credentials in IntelliTrust:
- when a smart credential is deleted all certificates associated with that smart credential are permanently revoked. When a user is deleted this applies to all smart credentials owned by that user.
- when a smart credential is unassigned all verification certificates associated with that smart credential are permantly revoked.
- when a smart credential is disabled all verification certificates associated with that smart credential are revoked for hold. When a user is disabled this applies to all smart credentials owned by that user.
- when a smart credential is enabled all verification certificates associated with that smart credential are unheld. When a user is enabled this applies to all smart credentials owned by that user.
The existing IntelliTrust Certificate Authority setting "Immediately Publish CRL Upon Revocation" is obeyed for these operations". For an Entrust Managed PKI, your XAP credentials must have permission to issue RLs if you enable this setting.
In this release, these changes are only supported with Entrust Managed PKIs. Support for Microsoft CAs will be added in a future release. Certificates can always be revoked from the CA.
When performing these operations, if the certificate revocation operation fails for any reason then the entire IntelliTrust action will fail. For example, if you are trying to delete a user and the CA is not running causing a certificate revocation to fail, the IntelliTrust user will not be deleted.
Grid Bulk Enhancements
The Assign Grids Bulk Operation now supports the use of SerialNumber
or serialNumber
as the header column for serial numbers, in addition to Serial Number
.
The Import Grids Bulk Operation now displays the first failed row and what the corresponding error was.
The Import Grids Bulk Operation now supports the use of group
as the third column header in the import file. This column header value can be used to ignore the use of this column during grid import processing. This allows the exporting of unassigned cards directly from Entrust IdentityGuard when this column header value is set.
Get Service IP Addresses API
A new API getServiceIPAddresses has been added to the Administration API. When called, the API returns a list of public IP addresses being used by the IntelliTrust services. These IP addresses will be the source IP addresses of any request sent by IntelliTrust to an external service such as a customer's CA or email server. These values can be used by a customer who wants to whitelist IP addresses that their service will accept requests from. Note that the list of IP addresses may change dynamically so this API should be called periodically to get an up-to-date list.