Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog

Symantec Releases Managed PKI Service v8.6

Created: 21 Oct 2012 • Updated: 21 Oct 2012
Teresa Law's picture
0 0 Votes
Login to vote

Announcing Managed PKI Service v8.6

Symantec would like to announce the release of Managed PKI Service v8.6, which includes new Managed PKI clients for the Android and the Apple Mac. 

Summary of New Features:

  • Transparent certificate enrollment and automation capabilities across all platforms
  • PKI Client for Android (can be downloaded from Google Play)
  • PKI Client for MAC
  • Microsoft’s Auto Enrollment enhancements that provide post processing functionality with fully transparent auto enrollment through PKI Client (not available with Microsoft Auto Enrollment alone)
  • Certificate Management enhancements
  • Enterprise Gateway GUI based installer
  • Allow configuration of KU and EKU extensions

Enhancements such as theAndroid client are one of the Symantec tools that can help organizations more safely and economically adopt Bring Your Own Device (BYOD) initiatives.   When an enterprise issues a certificate to the user of a self-supplied personal consumer device using Symantec Managed PKI Service they are able to establish a strong and reliable trust relationship with the device and its user. 

Feature Highlights:

Transparent Certificate Enrollment and Automation Capabilities Across All Platforms

With the addition of these new clients, along with an existing Windows clients and support for native Apple iOS Simple Certificate Enrollment Protocol (SCEP), Symantec provides full coverage to virtually all popular mobile devices.  Symantec Managed PKI is the only managed service solution to provide such broad client side automation capabilities. 

Mobile Capabilities of Symantec Managed PKI

Platform Availability





Mac Laptop



Transparent certificate enrollment: Provides a mechanism for an end user to begin a certificate request process by just clicking on a link in an email and using their browser to fill out a form.

Simplifies the process of producing a certificate request and generating certificate keys for both the administrator and the end user.





Automated client-side post processing:   MPKI clients can automatically configure the android operating system and the android application for which the certificate was created to use the certificate.

Greatly improves what is historically the hardest part of certificate management lifeycles – making the certificate work in client applications once the certificate is delivered – with the effect of lowering support costs and speeding up deployment.





Automatic certificate renewal:  When a user or device certificate expires the PKI client can automatically and transparently renew the certificate on the user’s behalf.

Ensures business continuity by preventing users’ certificates to expire and thus prohibiting them from accessing the services and applications the certificate allows them to use.





PKI Clients for Android and Mac

The new PKI Clients for Android and Mac make digital certificates transparent to end users.   For example, in the case of the new Android PKI client, when a certificate is delivered to an Android device, the PKI client will automatically store the certificate in a secure place on the device and then configure the application to use the certificate.  In addition, the PKI client will automatically detect when a device or user certificate is going to expire, and renew the certificate on the user’s behalf.

By simplifying some of the more difficult aspects of certificate lifecycle management – such as configuring an end user device to use the certificate, Symantec helps lower management costs and makes it easier to scale a deployment.

The Android PKI Client can be downloaded from Google Play:

An Administrator Screen indicates the use of the Android Client for end user enrollment.

An end user view on an Android device to view or manage their certificate

Client interface on a Mac

Microsoft Auto Enrollment Enhancements

Previously Microsoft’s Auto Enrollment would deliver a certificate, but the end user was required to configure its use by application (VPN client, Wifi Client, S/MIME Client, etc).  With Managed PKI v8.6 the PKI Client provides this service transparently for the user - across a heterogeneous platform and browser environment.  Microsoft Auto Enrollment is limited to the domain joining Microsoft clients.

Certificate Management Enhancements

V8.6 certificate management enhancements provide Administrator’s with insight into certificates associated with various filters as seat pools/ users/ certificate profiles/ etc. to perform certificate lifecycle operations.


  1. An Administrator may login to PKI Manager and search for all certificates associated within a seat pool at the top level account, as well as all subaccounts. It is then possible to revoke certificates individually for any certificate in the list.
  2. An Administrator may login to PKI Manager and search for certificates associated with a particular certificate profile for a subaccount only.

Enterprise Gateway GUI Based Installer

An Administrator may now use the GUI-based console for Installer to install the Enterprise Gateway; therefore it is no longer necessary to run any command line utilities or scripts.   This reduces the installation time and increases productivity on the enterprise side.

Allow Configuration of KU and EKU Extensions

This offers flexibility to the Administrator to display KU and EKU values of choice (certain values may be locked due to best practices) for various certificate profiles.  For example, the secure sign in certificate profile can only display Client Authentication in key usage and others are optional thereby keeping the certificate details clean.

Platform and OS Requirements:

The following are platform and OS requirements for MPKI 8.6. 

PKI Manager

  • OS: Windows 7
  • Browsers: IE 8, IE 9; FireFox 10.0.3 or 14
  • OS: Windows XP SP3
  • Browsers: IE 8; FireFox 10.0.3 or 14

PKI Certificate Service

  • OS: Windows 7
  • Browsers: IE 8, IE 9; FireFox 10.0.3 or 14
  • OS: Windows XP SP3
  • Browsers: IE 8; FireFox 10.0.3 or 14
  • OS: MacOS X v10.7
  • Browsers: Safari 5.1; FireFox 10.0.3 or 14
  • OS: MacOS X v10.8
  • Browsers: Safari 6; FireFox 10.0.3 or 14

PKI Client

  • OS: Windows XP SP3, Windows 7 SP1, MacOS X v10.7 or v10.8

PKI Enterprise Gateway

  • OS: Windows 2008 R2, Windows 2008 R2 SP1
  • Web Server: IIS 7.5, .NET Framework 4.0

iOS Device Support

iOS 4 and iOS5:

  • iPhones (3rd and 4th generation)
  •  iPads (1st and 2nd generation)

Android Device Support

Android OS ICS 4.0:

  •  Samsung Galaxy S II and S II Skyrocket
  •  Samsung Galaxy Tab 2 7.0
  •  Samsung Galaxy Tab 7.0 Plus, 7.0 Plus Si-Fi, or 7.7
  •  Samsung Galaxy Tab 10.1
  •  Samsung Galaxy S III
  •  Samsung Galaxy Note
  •  Nexus 7
  •  Nexus S 4G
  •  Galaxy nexus
  •  Motorola Xoom
  •  Motorola Droid RAZR
  •  Motorola XYBOARD 10.1

Technical Support:

We value your business and are committed to customer care.  Please contact us if we can assist or answer any questions. Symantec Support can be reached via email at: or by phone at +1-650-426-3535 or 1-800-579-2848.