New Features

ADC

CERT

• Post-Push Validation

  AppViewX introduces post-push validation, an automatic HTTPS-based verification that ensures certificates are correctly installed after push. The system compares served certificates with expected ones across all associated IP:Ports. A new Push Validation Report in Insights > Operations visualizes the push success and failure data, providing greater operational assurance and visibility.

• Support for Certificate Revocation with Policy Engine

  AppViewX now supports Policy Engine–governed revocation workflows, allowing organizations to define structured, auditable, and secure revocation processes. Policies can include pre-validation, approval steps, automated archival, and stakeholder notifications, ensuring end-to-end governance and compliance during certificate termination.

• Crypto Agility

  To ensure visibility into CA-driven or CAB Forum-mandated updates AppViewX now compares Key Usage and Extended Key Usage between old and renewed/re-enrolled certificates.

  If any differences are detected, such as changes in server or client authentication support, the system automatically notifies users via UI alerts and email.

• Reuse Existing Private Key for Certificate Re-enrollment

  AppViewX now supports reusing existing private keys during re-enrollment when securely stored within the system. Administrators can choose between key reuse and new key generation, offering flexibility for legacy systems, device-bound certificates, or compliance-controlled environments.

• Integration of AppViewX Certificate Discovery with Qualys

  AppViewX now integrates with Qualys during certificate discovery. The system automatically consumes data returned by these integrations to identify new certificates, enrich endpoint metadata. This enhancement improves visibility across hybrid environments and bridges certificate lifecycle management with external vulnerability insights.

• CLM Notifications with Holistic View Quick Access

  AppViewX now provides actionable notifications for certificate issuance, renewal, re-enrollment, reissue, and regeneration. Each notification contains a direct link to the certificate’s holistic view to speed up resolution of failures and streamline certificate lifecycle operations.

• Integration of AppViewX Certificate Discovery with Tenable SC and IO

  AppViewX now integrates with Tenable SC and IO during certificate discovery. The system automatically consumes data returned by these integrations to identify new certificates and enrich endpoint metadata. This improves visibility across hybrid environments and bridges certificate lifecycle management with external vulnerability insights.

• F5 Communication Mode switch – REST and iControl

  AppViewX now supports using REST APIs communication channel for F5 BIG-IP devices, improving performance and security. Administrators can optionally configure iControl mechanism in case REST communication fails.

• Support Certificate Push to AWS Secrets Manager
  AppViewX now supports integration with the AWS Secrets Manager service for both:

  • Standalone AWS Accounts

  • Cross/Federated AWS Accounts (role-based access, external ID, assume role)

  AWS Secrets Manager is widely used to store private keys, TLS certificates, keystores, and secret materials used by cloud workloads. Many customers store application certificates in Secrets Manager and need AppViewX to inventory these certificates, track expiry, enforce policies, and automate renewal/push flows.

  For this integration, AppViewX:

  • Automatically discovers certificates stored in Secrets

  • Manager and updates the certificate inventory

  • Enables cloud-native certificate visibility and governance for workloads using secrets-based TLS management.

  • Identifies associated endpoints/workloads if available

  • Refreshes data during scheduled or manual discovery

  • Enables pushing certificates to the AWS Secrets Manager manually or automatically after renewal/re-enrollment/regeneration.

• Automated Daily Metadata Synchronization for Sectigo, Microsoft Enterprise, and DigiCert CA

  AppViewX now supports automated daily metadata synchronization with Sectigo, Microsoft Enterprise, and DigiCert CA. This ensures that all certificates, whether enrolled through AppViewX or externally discovered, retain the necessary order and renewal attributes required for seamless renewal workflows. Administrators can enable or disable the synchronization as needed.

• Support for DigiCert 12-Month Subscription Model

  AppViewX now supports DigiCert’s new 12-month subscription model for SSL/TLS certificates, enabling customers to request, manage, and renew certificates in alignment with DigiCert’s subscription-based validity term. With this enhancement, certificate expiry calculations and renewal schedules are automatically adjusted to the 12-month lifecycle, ensuring compliance with DigiCert’s subscription requirements while maintaining seamless automation.

• Support for DigiCert X9 PKI Enrollment & Lifecycle

  AppViewX now supports DigiCert X9 PKI certificate enrollment and lifecycle management, enabling automated issuance, renewal, and revocation of X9-compliant certificates. This enhancement ensures seamless integration with DigiCert’s X9 PKI infrastructure while maintaining stability and compatibility with existing workflows.

DDI

• Domain Visibility with MarkMonitor

  DDI now integrates with the MarkMonitor Domain Registrar to provide centralized visibility into enterprise domains and their associated DNS nameservers. This integration enhances domain lifecycle management and correlates registrar data with DNS configurations for better governance.

  It also enables Domain Control Validation (DCV) through Cert, including support for TXT record creation, simplifying certificate validation and domain operations.

• New Datamodel Management UI

  A new Datamodel Management UI is now available in DDI, enabling dynamic control over field visibility and labels across IP Compliance Dashboard, IP Search, and IP Inventory. Changes are persisted automatically to the underlying JSON model, applied in real time, and maintained independently per tenant with full audit tracking.

Install and Upgrade

• Support for FIPS enabled OS

  Support has been added for deploying AppViewX in on-premises environments running FIPS-enabled operating systems.

KUBE

• Tag Management in KUBE

  KUBE now allows users to create and manage Tags to group clusters, namespaces, and target types. Tags can be linked to user groups to provide consistent access control and governance. The feature is available under KUBE > Groups & Policies > Tags, with access managed through ACF permissions.

• AppViewX Istio CSR

  AppViewX now supports istio-csr mode for issuing External CA certificates to ISTIO. A new appviewx-istio-csr component with gRPC server accepts the certificate request from ISTIOD, reusing existing CA configurations and signer functionality for certificate issuance.

PKI

• REST APIs for Native PKI Certificate Templates

  Added REST APIs to create and modify certificate templates in AppViewX Native PKI programmatically using APIs, enabling automation, CI/CD integration, and large-scale template management with role-based access controls.

• Email & In-App Notification Alerts for AppViewX Native PKI

  Introduced built-in email and in-app notifications for critical AppViewX Native PKI events, including CA and CRL expiry, OCSP issues, and PKI service errors. Administrators can configure alert recipients and notification preferences to improve operational visibility and enable proactive monitoring and management of PKI services.

• Comprehensive Audit Logging

  Introduced audit logging for all AppViewX Native PKI health status changes and administrative actions across CA, CRL, and OCSP services, with filtering support, API access, and syslog export for enhanced traceability, compliance, and operational transparency.

• Parallel Support for Standard and PQC Ready CAs

  AppViewX now supports parallel operation of AppViewX CA (Standard CA) and AppViewX Native CA (PQC-ready CAs), allowing you to manage both CA types simultaneously, distinguish them in the UI, and issue certificates from the Native CA without disrupting Standard CA operations.

Platform

• Alert Notification in Visual Workflow

  A new notification event has been added to alert users when a workflow request fails, with delivery via push notification, email, or both to users, usergroups, or distribution lists. Workflow failure notifications are accessible from the notification icon under the Platform product, with a View option to see request details.

Quantum Trust Hub

• Agent Versioning & Manual Upgrade

  AppViewX introduces a clear versioning and an automated upgrade process for the AppViewX Config Scan Agent that is aimed at ensuring you can deploy new features, fixes, and security updates consistently and securely across all endpoints without manual intervention.

  Currently, agent version upgrade is supported only for the Linux v2.0.0 (v2026.1.0.0) and Windows v1.0.0 (v2026.1.0.0) base versions. If your current agent version is Linux v1.0.0 (v2025.11), please ensure that you replace the older version with the Linux v2.0.0 (v2026.1.0.0)/Windows v1.0.0 (v2026.1.0.0) version.

• The PQC Activity logs monitoring feature has been introduced in the Quantum Trust Hub. This RBAC-governed feature lets administrators view real-time and historical log data, which lets them identify issues and anomalies, troubleshoot failures, maintain system reliability and security, and meet audit and compliance requirements. This leads to faster incident response and a healthier system performance.

SIGN

• Increase File Upload Limit for Signing from 4MB to 10MB

  SIGN now supports an increased maximum file upload size for signing operations, with the limit raised from 4MB to 10MB to better support larger signing formats and evolving customer use cases; this enhancement is applied uniformly across both Web UI uploads and API-based signing requests, while continuing to enforce all existing validation, security, and performance safeguards to ensure reliable and secure signing operations.

• Provide Option to Choose Between User or Machine Certificate Store for SIGN Package Installation

  SIGN Windows installer for CSP use cases now provides a configuration option to choose whether the signing certificate is installed in the Current User or Local Machine certificate store, enabling better support for shared systems, service accounts, and enterprise deployments; based on the selected option, the certificate is installed in the corresponding store and stored in the appropriate file system location (AppData for User or ProgramData for Machine), ensuring improved alignment with enterprise security policies and system-level signing requirements.

• SIGN Windows installer for pkcs11 use cases now provides a configuration option to choose whether the signing certificate is installed in the Current User or Local Machine certificate store, enabling better support for shared systems, service accounts, and enterprise deployments; based on the selected option, the certificate is installed in the corresponding store and stored in the appropriate file system location (AppData for User or ProgramData for Machine), ensuring improved alignment with enterprise security policies and system-level signing requirements.

• HSM Integration Change (PKCS#11 → SDK) for SIGN Operations

  SIGN has completed comprehensive functional, regression, compatibility, and performance validation in alignment with the Platform team’s migration of HSM integration from PKCS#11 to the vendor-provided SDK, ensuring seamless end-to-end signing operations, measurable performance improvements for both file-based and hash-based signing workflows, and no regressions or behavioral changes in SIGN functionality