PKI Spotlight v28.1.0 Release Announcement

We are pleased to announce the release of PKI Spotlight v28.1.0, a cumulative update that rolls up all feature enhancements and bug fixes from versions 27.5.1 through 27.8.0.

This release brings expanded monitoring capabilities across CRL status, PKI certificate status, validation locations, and certificate template governance, while also addressing stability and performance improvements. Organizations upgrading to this release will gain greater visibility, stronger resilience in PKI health checks, and improved operational assurance.

Improvements to Existing Features

The v28.1.1 release introduces several enhancements designed to improve consistency, resilience, and usability across Spotlight. The default installer now uses .NET 8.0.18, providing a more stable and secure foundation for future updates. Internal processes for retrieving and posting provider details have been made more fail-safe. At the same time, the status evaluation for Agent Role Tiles has been unified across all modules to ensure consistency in how health and performance are represented.

The Certificate Template Status module now includes certificate issuance statistics by template, as well as counts of threats and best practices by severity, enabling faster prioritization of issues. Users can filter by Certificate Authority, view a new status legend for more precise interpretation, download templates directly from the preview modal, and subscribe to template-based notifications.

Event management has also been expanded. Administrators can now toggle whether to include issued certificate event logs in monitoring, and a new diagnostic event has been added to detect failures in Splunk connection tests. In total, more than two dozen new event log entries have been introduced to align with updated subscription email notifications, providing better visibility into PKI Certificate Status, CRL Status, Validation Location Status, and Certificate Template Status.

The PKI Certificate Status screen has been renamed for clarity and now displays both primary and non-primary CA certificates, including an indicator for primary certificates within subscriptions. Similar updates have been made to the CRL Status module, which also now includes a primary indicator for subscriptions.

The Maturity Model export function has been enhanced to automatically include the date the report was saved, ensuring more accurate tracking of historical baselines. In addition, the Threats and Best Practices interfaces have been consolidated into a single, unified view for a more streamlined user experience. Within the Validation Location Status module, a new badge counter displays the number of assets referencing each location URL, helping teams identify dependencies and potential points of failure at a glance.

Fixes and Stability Updates

This release also addresses several key issues reported in recent versions, thereby improving reliability and the overall user experience. Updates to Single Sign-On (SSO) ensure compatibility when Spotlight is deployed behind a reverse proxy, and enhancements to group claim handling now prevent header overflow by limiting identity claims to permission-based groups. Several interface-level corrections were made to improve navigation and filtering, including fixes for agent summary link behavior and an issue where the “Configure SQL Connection” dialog could appear unexpectedly during controller upgrades.

In the CRL Status module, multiple fixes improve accuracy and stability. Tooltip text has been corrected, CRL download failures due to missing files have been resolved, and a race condition causing CRL update job failures has been eliminated. Additionally, expiring CRL daily digests now send correctly, valid-to date displays match evaluated results, and status updates within the CRL subscription modal are now saved correctly.

For Certificate Template Status, tooltip alignment and preview icon color have been corrected, and template previews stored in subfolders now open as expected. Event handling has been hardened against edge cases—especially in large deployments or when third-party integrations are disabled—ensuring that large event tables load reliably. Validation has also been improved for new Windows Event subscriptions, preventing false invalid flags, and several diagnostic and recurring event triggers (Events 1, 10, and 11) have been corrected to fire only under proper conditions.

Finally, the Maturity Model export process has been stabilized, resolving an issue that previously caused the progress indicator to spin indefinitely after report export completion.