Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog

Announcing Managed PKI Service v8.8

Created: 16 Apr 2013 • Updated: 01 May 2013
MelanieLopez's picture
0 0 Votes
Login to vote

Follow Managed PKI on Twitter @SymantecMPKI

Symantec would like to announce the release of Managed PKI Service v8.8, which includes support for the newest platforms and browsers, local key escrow and recovery service, and features to address evolving NIST guidelines.

Summary of New Features:

  • Support for heterogeneous environments
    • New platforms and browsers (IE 10 on Windows 8 platforms; PKI Client support for Windows Vista 64-bit)
    • Automate the enrollment process for MAC environments
  • Key Management Enhancements
    • Local key escrow and recovery service
    • Support for evolving NIST standards with ECC based keys
  • Support for WiMAX and DOCSIS certificates
  • General user interface enhancements improve Administrator experience

Support for heterogeneous environments

New platforms and browsers: We recognize that the majority of your environments are heterogeneous with rapidly changing versions of operating systems and browsers, which makes staying current one of our top priorities. To support the latest Microsoft Windows environments, we have added support for certificates enrolled through Internet Explorer 10 browsers on Windows 8 platforms. In addition, to address customer demands, PKI Client now supports Windows Vista 64-bit.

Automate the enrollment process for MAC environments: For Apple MAC platforms, PKI Client Auto Enrollment is now available, providing a transparent and seamless user experience when issuing certificates for end users on machines that are joined to a Windows domain. Managed PKI Service and PKI Client provide full lifecycle support including auto enrollment, making the process transparent for the user - across heterogeneous platform (Windows, MAC, Android, and iOS) and browser environments.

Key Management Enhancements

Local key escrow and recovery service: The local key escrow and recovery service features are currently available in the legacy Managed PKI Service and for Trust Center customers. This valuable functionality has now been added to Managed PKI Service 8.8. With it we allow you to escrow your users’ private keys and recover them in the event they are lost. You can store your user’s private keys in a user store at their enterprise location; however this does require an installation of PKI Enterprise Gateway. Key escrow and recovery can be managed through PKI Manager or through PKI Web Services.

Key Signing: Another enhancement that brings Managed PKI 8.8 in parity with the legacy Managed PKI Service is the addition of the following signing and encryption algorithms:

  • SHA1 with RSA encryption
  • SHA256 with RSA encryption

Symantec Managed PKI Service strives to support evolving NIST standards, provide the most comprehensive support for all platforms and devices, and is dedicated to obtaining the best performance possible. To this end, this release now offers support for certificate lifecycle operations for certificates with Elliptic Curve Cryptography (ECC) based keys. Devices using ECC based keys require less storage, less power, less memory, and less bandwidth than other systems. Now you can implement cryptography in the devices you manufacture (even if they are constrained): wireless devices, handheld computers, smart cards, and thin-clients. Smaller sized ECC keys are equivalent to large sized RSA Keys— something that will be important as stronger security systems become mandated and devices get smaller. It also provides a big win in situations where efficiency is important. The release notes provide a complete list of the supported ECC and DSA signing and encryption algorithms.

Support Additional Certificate Formats

WiMAX and DOCSIS certificate formats previously supported only in the legacy Managed PKI Service are now available in 8.8. WiMAX certificates are used to identify and authenticate the identity of devices and servers in a WiMAX network. DOCSIS certificates are used to secure cable modems. WiMAX and DOCSIS certificates provide data confidentiality, content integrity, and hardware and software authentication.

General User Interface Enhancements

With each successive release Managed PKI continues to improve ease of use. General user interface enhancements in this release include: an improved dashboard that reflects seat usages for different seat types, for a smoother and improved administrator experience; and user interface enhancements for the RA certificate enrollment page.

Platform and OS Requirements

The following are platform and OS requirements for Managed PKI 8.8.

PKI Manager

  • OS: Windows 7 Browsers: IE 8, IE 9; FireFox 17, 20
  • OS: Windows XP SP3 Browsers: IE 8 (32-bit); FireFox 17, 20

PKI Certificate Service

  • OS: Windows 7 Browsers: IE 8, IE 9; FireFox 17, 20; Chrome 23*
  • OS: Windows XP SP3 Browsers: IE 8; FireFox 17, 20; Chrome 23*
  • OS: Windows Vista 64 bit support for Native browser
  • OS: Windows 8 (desktop mode) Browsers: IE 10 
    *Chrome browser is supported for certificate lifecycle operations using PKI Client only
  • OS: MacOS X v10.7 Browsers: Safari 5.1; FireFox 17
  • OS: MacOS X v10.8 Browsers: Safari 5.1, 6; FireFox 17

PKI Client

  • OS: Windows Vista SP2 (32-bit and 64-bit) Browsers: IE 8 (32-bit), IE 9 (32-bit); FireFox 17, 20; Chrome 23
  • OS: Windows 7 Browsers: IE 8, IE 9; FireFox 17, 20; Chrome 23 (Win 7 32-bit only)
  • OS: Windows 8 Browsers: IE 8, IE 9, IE 10 (Desktop mode only)
  • OS: Windows XP SP3 Browsers: IE 8; FireFox 17, 20; Chrome 23
  • OS: MacOS X v10.7 Browsers: Safari 5.1; FireFox 17
  • OS: MacOS X v10.8 Browsers: Safari 6; FireFox 17

PKI Enterprise Gateway

  • OS (64-bit): Windows 2008 R2, Windows 2008 R2 SP1, Windows Server 2012
  • Web Server: IIS 7.5, .NET Framework 4.0
  • User Stores: Microsoft Active Directory, Novell eDirectory, and Oracle Directory Server
  • HSMs (Luna SA, Luna PCI Express, Luna SA Hybrid,  Oracle Directory Server)

See the product release notes for complete details including all version numbers.

Technical Support:

We value your business and are committed to customer care.  Please contact us if we can assist or answer any questions. Symantec Support can be reached via email at: enterprise_pkisupport@symantec.com or by phone at +1-650-426-3535 or 1-800-579-2848. 

Disclaimer: Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied.  Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.

  • Support for heterogeneous environments
  • New platforms and browsers (IE 10 on Windows 8 platforms; PKI Client support for Windows Vista 64-bit)
  • Automate the enrollment process for MAC environments