- Service version "7.4-preview.1" is not supported.
- The default service version is now "7.4".
- Fixed possible "ObjectIsBeingRecovered" error immediately after restoring certificates, keys, or secrets. (#31581)
- The default service version is now "7.4-preview.1".
- Verify the challenge resource matches the vault domain. This should affect few customers who can set `CertificateClientOptions.DisableChallengeResourceVerification` to `true` to disable. See https://aka.ms/azsdk/blog/vault-uri for more information.
Changes from both the last release and the last beta include:
- Added `KeyVaultCertificateIdentifier.TryCreate` to parse certificate URIs without throwing an exception when invalid. (#23146)
- Support multi-tenant authentication against Key Vault and Managed HSM when using Azure.Identity 1.5.0 or newer. (#18359)
- Added `DownloadCertificateOptions` to pass `X509KeyStorageFlags` appropriate for different host applications. (#23016)
- Added certificate version to distributed tracing. (#12907)
- (Since 4.3.0-beta.4) To pass `X509KeyStorageFlags` you must now pass a single required `DownloadCertificateOptions` with a required `certificateName`.
- The default service version is now "7.3".
- Package metadata fixed
- Bug fixes
- Added `KeyVaultCertificateIdentifier.TryCreate` to parse certificate URIs without throwing an exception when invalid. (#23146)
- Support multi-tenant authentication against Key Vault and Managed HSM when using Azure.Identity 1.5.0 or newer. (#18359)
- Added certificate version to distributed tracing. (#12907)
- Added `DownloadCertificateOptions` to pass `X509KeyStorageFlags` appropriate for different host applications. (#23016)
- The default service version is now "7.3-preview".
- Changed default service version to "7.2".
- Added `KeyVaultCertificateIdentifier` to parse certificate URIs.
- Added `CertificateClient.DownloadCertificate` and `DownloadCertificateAsync` to download an `X509Certificate2` with private key.
- Updated dependency versions
- Updated dependency versions
- `DownloadCertificate` and `DownloadCertificateAsync` on `CertificateClient` now support PEM-encoded certificates and keys.
- Added default constructor to `CertificatePolicy` to use when importing a PEM-encoded certificate (#16217).
- Added constructor to `KeyVaultCertificateIdentifier` to parse a `Uri`.
- Added support for PEM files on .NET Core for `CertificateClient.DownloadCertificate` and `CertificateClient.DownloadCertificateAsync` (#16897)
- The default service version is now "7.2" (still in preview).
- Removed `KeyVaultCertificateIdentifier.Parse` and `KeyVaultCertificateIdentifier.TryParse` in favor of the added constructor.
- Added `DownloadCertificate` and `DownloadCertificateAsync` methods to get `X509Certificate2` with private key if permitted (#12083)
- Clarified in documentation that `LifetimeActions` requires a single value at this time.
- Bug fixes and performance improvements.
- Added `KeyVaultCertificateIdentifier` to parse certificate URIs.
- Added link to sample on `KeyVaultCertificate.Cer` to the private key.
- Added `RecoverableDays` property to `CertificateProperties`.
- Default service version is now 7.1.
- Fixed an issue where the issuer name was always null (#10908)
- Fixed an issue where GetIssuerAsync would throw for issuers with contact information populated (#10905)
- Fixed an issue where some Certificate policy properties were not serialized properly (#11669)
- Fixed concurrency issue in our challenge-based authentication policy (#9737)
- Add `RecoverableDays` property to `CertificateProperties`.
- Fixed issue that prevented certificate contacts from being created, enumerated, or deleted.
- Reset challenge cache so tests can be run individually and in any order. (#9356)
- Properly import PKCS12 or PEM-encoded certificate. (#9963)
- Serialize the `MergeCertificateOptions` in `CertificateClient.MergeCertificate`. (#9986)
- Shorten diagnostic scope names. (#9651)
- Include resource namespace in diagnostics scope. (#9655)
- Sanitize header values in exceptions. (#9782)
- Challenge-based authentication requests are only sent over HTTPS.
- `CertificateClient.CreateIssuer` and `CertificateClient.CreateIssuerAsync` now require a `CertificateIssuer` with both a name and provider.
- `CertificateContentType.Pem` now correctly returns "x-pem-file".
- A name is now required when creating a `CertificateIssuer`.
- `CertificateIssuer.Provider` is now read-only. Use the new overload constructor to set a required provider when creating an issuer.
- `CertificateIssuer.Properties` was redundant and has been removed.
- The `value` parameter of the `ImportCertificateOptions` constructor has been renamed to `certificate`.
- The `policy` parameter was removed from the `ImportCertificateOptions` constructor, and the `Policy` property is now read-write.
- The `LifetimeAction` constructor now requires a `CertificatePolicyAction` argument.
- `LifetimeAction.Action` is now read-only. Use the constructor to set the action.
- The `x509certificates` parameter of the `MergeCertificateOptions` constructor has been renamed to `x509Certificates`.
- A constructor was added to `CertificateOperation`. You can use this to construct a `CertificateOperation` to cancel or delete it without certificates/get permission.
- Moved `CertificateClient.CancelCertificationOperation` to `CertificateOperation.Cancel`.
- Moved `CertificateClient.DeleteCertificateOperation` to `CertificateOperation.Delete`.
- `CertificateClient.DeleteCertificate` has been renamed to `CertificateClient.StartDeleteCertificate` and now returns a `DeleteCertificateOperation` to track this long-running operation.
- `CertificateClient.RecoverDeletedCertificate` has been renamed to `CertificateClient.StartRecoverDeletedCertificate` and now returns a `RecoverDeletedCertificateOperation` to track this long-running operation.
- `subject` and `issuerName` constructor parameters have been switched on `CertificatePolicy`.
- `subjectAlternativeNames` and `issuerName` constructor parameters have been switched on `CertificatePolicy`.
- The `SubjectAlternativeNames` class has been rewritten to contain `DnsNames`, `Emails`, and `UserPrincipalNames` collection properties.
- `CertificateIssuer.Administrators` has been renamed to `CertificateIssuer.AdministratorContacts`.
- `CertificateKeyType.Oct` has been removed.
- `CertificateType` and `CertificateTransparency` were added to `CertificateOperationProperties`.
- `ImportCertificateOptions.Value` has been renamed to `ImportCertificateOptions.Certificate`.
- `KeyVaultCertificate.ContentType` has been removed.
- The `SubjectAlternativeNames` class now allows you to add multiple types of subject alternative names using any of the `DnsNames`, `Emails`, and `UserPrincipalNames` collection properties.
- A new `CertificatePolicy` constructor allows you to pass in both the `subject` and `subjectAlternativeNames` parameters.
- `CertificateIssuer.Provider` was added.
- `Certificate` and `CertificateWithPolicy` have been renamed to `KeyVaultCertificate` and `KeyVaultCertificateWithPolicy` to avoid ambiguity with other libraries and to yield better search results.
- `AdministratorDetails` has been renamed to `AdministratorContact`.
- `Action` has been renamed to `CertificatePolicyAction` to avoid ambiguity with other libraries.
- `Contact` has been renamed to `CertificateContact` to avoid ambiguity with other libraries.
- `Error` has been renamed to `CertificateOperationError` to avoid ambiguity with other libraries.
- `Issuer` has been renamed to `CertificateIssuer` to avoid ambiguity with other libraries.
- `CertificateClientOptions.Default` has been removed. Use `CertificatePolicy.Default` instead.
- Starting a certificate creation operation with `CertificateClient` now requires a `CertificatePolicy`.
- On `DeletedCertificate`, `DeletedDate` has been renamed to `DeletedOn`.
- `Hsm` properties and `hsm` parameters have been renamed to `HardwareProtected` and `hardwareProtected` respectively.
- `Certificate.CER` has been renamed to `KeyVaultCertificate.Cer`.
- `CertificateClient.RestoreCertificate` has been renamed to `CertificateClient.RestoreCertificateBackup` to better associate it with `CertificateClient.BackupCertificate`.
- A new `CertificatePolicy.Default` property returns a new policy suitable for self-signed certificate requests.
- `CertificateClient.VaultUri` has been added with the original value passed to `CertificateClient`.
- `CertificateClient.GetDeletedCertificates` includes an optional `includePending` parameter to include certificates in a delete pending state.
- `CertificateBase` has been renamed to `CertificateProperties`.
- `Certificate` no longer extends `CertificateProperties`, but instead contains a `CertificateProperties` property named `Properties`.
- `IssuerBase` has been renamed to `IssuerProperties`.
- `Issuer` no longer extends `IssuerProperties`, but instead contains an `IssuerProperties` property named `Properties`.
- `CertificatePolicy` has been flattened to include all properties from `KeyOptions` and derivative classes.
- `KeyOptions` and derivative classes have been removed.
- `CertificateKeyType` members have been aligned with `Azure.Security.KeyVault.Keys.KeyType` members.
- `CertificateImport` has been renamed to `CertificateImportOptions`.